CVE-2024-50272

Summary

In the Linux kernel, the following vulnerability has been resolved:

filemap: Fix bounds checking in filemap_read()

If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop.

This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxc2a9737f45e27d8263ff9643f994bda9bac0b944 < 6cc52df69e8464811f9f6fc12f7aaa78451eb0b8affected
LinuxLinuxc2a9737f45e27d8263ff9643f994bda9bac0b944 < 26530b757c81f1389fb33ae0357500150933161baffected
LinuxLinuxc2a9737f45e27d8263ff9643f994bda9bac0b944 < a2746ab3bbc9c6408da5cd072653ec8c24749235affected
LinuxLinuxc2a9737f45e27d8263ff9643f994bda9bac0b944 < 6450e73f4c86d481ac2e22e1bc848d346e140826affected
LinuxLinuxc2a9737f45e27d8263ff9643f994bda9bac0b944 < ace149e0830c380ddfce7e466fe860ca502fe4eeaffected
LinuxLinux272830350bb1bb5bb39395966ea63b9864b135d1affected
LinuxLinuxfbc7b803831e5c8a42c1f3427a17e55a814d6b3caffected
LinuxLinux3d549dcfbbb0ecdaa571431a27ee5da9f2466716affected
LinuxLinux3.16.40 < 3.17affected
LinuxLinux4.7.10 < 4.8affected
LinuxLinux4.8.4 < 4.9affected
LinuxLinux4.9affected
LinuxLinux0 < 4.9unaffected
LinuxLinux5.15.181 <= 5.15.*unaffected
LinuxLinux6.1.117 <= 6.1.*unaffected
LinuxLinux6.6.61 <= 6.6.*unaffected
LinuxLinux6.11.8 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References