5.5

CVE-2024-50272

filemap: Fix bounds checking in filemap_read()

In the Linux kernel, the following vulnerability has been resolved:

filemap: Fix bounds checking in filemap_read()

If the caller supplies an iocb->ki_pos value that is close to the
filesystem upper limit, and an iterator with a count that causes us to
overflow that limit, then filemap_read() enters an infinite loop.

This behaviour was discovered when testing xfstests generic/525 with the
"localio" optimisation for loopback NFS mounts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.16.40 < 3.17
LinuxLinux Kernel Version >= 4.7.10 < 4.8
LinuxLinux Kernel Version >= 4.8.4 < 4.9
LinuxLinux Kernel Version >= 4.9 < 6.1.117
LinuxLinux Kernel Version >= 6.2 < 6.6.61
LinuxLinux Kernel Version >= 6.7 < 6.11.8
LinuxLinux Kernel Version6.12 Updaterc1
LinuxLinux Kernel Version6.12 Updaterc2
LinuxLinux Kernel Version6.12 Updaterc3
LinuxLinux Kernel Version6.12 Updaterc4
LinuxLinux Kernel Version6.12 Updaterc5
LinuxLinux Kernel Version6.12 Updaterc6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.155
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

https://git.kernel.org/stable/c/26530b757c81f1389fb33ae0357500150933161b
Patch
https://git.kernel.org/stable/c/6450e73f4c86d481ac2e22e1bc848d346e140826
Patch
https://git.kernel.org/stable/c/a2746ab3bbc9c6408da5cd072653ec8c24749235
Patch
https://git.kernel.org/stable/c/ace149e0830c380ddfce7e466fe860ca502fe4ee
Patch
https://git.kernel.org/stable/c/6cc52df69e8464811f9f6fc12f7aaa78451eb0b8
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html