CVE-2024-38624

EPSS 0.02%
Veröffentlicht 21.06.2024 11:15:11
Zuletzt bearbeitet 03.10.2025 16:08:44
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
Teams Watchlist Login
Unerledigt Login

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow

For example, in the expression:
	vbo = 2 * vbo + skip

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.15 < 5.15.161

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.93

Linux ≫ Linux Kernel Version >= 6.2 < 6.6.33

Linux ≫ Linux Kernel Version >= 6.7 < 6.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40

Patch

https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b

Patch

https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57

Patch

https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d

Patch

https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-38624

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38624

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38624

EUVD