CVE-2024-50143

HIGH · CVSS 3.1: 7.8 · EPSS 18.4%
Published Nov 7, 2024 · Last Modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability: 18.4% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-908

Affected Products 7

Vendor  Product       Version  Range
linux   linux_kernel  *        <4.19.323
linux   linux_kernel  *        ≥4.20 – <5.4.285
linux   linux_kernel  *        ≥5.5 – <5.15.170
linux   linux_kernel  *        ≥5.16 – <6.1.115
linux   linux_kernel  *        ≥6.2 – <6.6.59
linux   linux_kernel  *        ≥6.7 – <6.11.6
linux   linux_kernel  6.12     any

References 9

  • git.kernel.org https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
  • git.kernel.org https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
    Patch
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
    Patch