CVE-2024-53147

Summary

In the Linux kernel, the following vulnerability has been resolved:

exfat: fix out-of-bounds access of directory entries

In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption.

This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < a0120d6463368378539ef928cf067d02372efb8caffected
LinuxLinux1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 3ddd1cb2b458ff6a193bc845f408dfff217db29eaffected
LinuxLinux1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 < 184fa506e392eb78364d9283c961217ff2c0617baffected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux6.11.11 <= 6.11.*unaffected
LinuxLinux6.12.2 <= 6.12.*unaffected
LinuxLinux6.13 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References