CVE-2024-53147
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix out-of-bounds access of directory entries
In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption.
This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < a0120d6463368378539ef928cf067d02372efb8c | affected |
| Linux | Linux | 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 3ddd1cb2b458ff6a193bc845f408dfff217db29e | affected |
| Linux | Linux | 1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 184fa506e392eb78364d9283c961217ff2c0617b | affected |
| Linux | Linux | 5.7 | affected |
| Linux | Linux | 0 < 5.7 | unaffected |
| Linux | Linux | 6.11.11 <= 6.11.* | unaffected |
| Linux | Linux | 6.12.2 <= 6.12.* | unaffected |
| Linux | Linux | 6.13 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c
- https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e
- https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.