7.8

CVE-2024-50143

udf: fix uninit-value use in udf_get_fileshortad

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate
later uninit-value use in udf_get_fileshortad KMSAN bug[1].
After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 4.19.323
LinuxLinux Kernel Version >= 4.20 < 5.4.285
LinuxLinux Kernel Version >= 5.5 < 5.15.170
LinuxLinux Kernel Version >= 5.16 < 6.1.115
LinuxLinux Kernel Version >= 6.2 < 6.6.59
LinuxLinux Kernel Version >= 6.7 < 6.11.6
LinuxLinux Kernel Version6.12 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.182
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
Patch
https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
Patch
https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
Patch
https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
Patch
https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
Patch
https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
Patch
https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
Patch
https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html