CVE-2024-50143
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 07/11/2024
Last modified: 15/11/2024
Description
In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate
later uninit-value use in udf_get_fileshortad KMSAN bug[1].
After applying the patch, the reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.19.323 (excluding) | |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 4.20 (including) | 5.4.285 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.5 (including) | 5.15.170 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.115 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.59 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.11.6 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
- https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
- https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
- https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
- https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
- https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
- https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d