CVE-2024-53235
MEDIUM EPSS 6.6%
Published Dec 27, 2024 (1y ago) · Modified Jun 17, 2026 (2w ago)
5.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:

erofs: fix file-backed mounts over FUSE

syzbot reported a null-ptr-deref in fuse_read_args_fill:

    fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905
    filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367
    do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825
    read_mapping_folio include/linux/pagemap.h:1011 [inline]
    erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41
    erofs_read_superblock fs/erofs/super.c:281 [inline]
    erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625

Unlike most filesystems, some network filesystems and FUSE need unavoidable valid `file` pointers for their read I/Os [1]. Anyway, those use cases need to be supported too.

[1] https://docs.kernel.org/filesystems/vfs.html
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
6.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-476 NULL Pointer Dereference Memory Safety
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥6.12 – <6.12.2 |
References 2
- git.kernel.org https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642
- git.kernel.org https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc
Remediation
- git.kernel.org https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642
- git.kernel.org https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc