fkie_cve-2024-53147
Vulnerability from fkie_nvd
Published: 2024-12-24 12:15
Modified: 2024-12-24 12:15
Summary
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix out-of-bounds access of directory entries
In the case of the directory size is greater than or equal to
the cluster size, if start_clu becomes an EOF cluster (an invalid
cluster) due to file system corruption, then the directory entry
where ei->hint_femp.eidx hint is outside the directory, resulting
in an out-of-bounds access, which may cause further file system
corruption.
This commit adds a check for start_clu, if it is an invalid cluster,
the file or directory will be treated as empty.
References
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix out-of-bounds access of directory entries\n\nIn the case of the directory size is greater than or equal to\nthe cluster size, if start_clu becomes an EOF cluster(an invalid\ncluster) due to file system corruption, then the directory entry\nwhere ei-\u003ehint_femp.eidx hint is outside the directory, resulting\nin an out-of-bounds access, which may cause further file system\ncorruption.\n\nThis commit adds a check for start_clu, if it is an invalid cluster,\nthe file or directory will be treated as empty." }, { "lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige el acceso fuera de los l\u00edmites de las entradas del directorio. En el caso de que el tama\u00f1o del directorio sea mayor o igual al tama\u00f1o del cl\u00faster, si start_clu se convierte en un cl\u00faster EOF (un cl\u00faster no v\u00e1lido cluster) debido a una corrupci\u00f3n del sistema de archivos, entonces la entrada del directorio donde ei-\u0026gt;hint_femp.eidx sugerencia est\u00e1 fuera del directorio, lo que resulta en un acceso fuera de los l\u00edmites, lo que puede causar una mayor corrupci\u00f3n del sistema de archivos. Este commit agrega una verificaci\u00f3n de start_clu; si es un cl\u00faster no v\u00e1lido, el archivo o directorio se tratar\u00e1 como vac\u00edo." 
} ], "id": "CVE-2024-53147", "lastModified": "2024-12-24T12:15:22.777", "metrics": {}, "published": "2024-12-24T12:15:22.777", "references": [ { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e" }, { "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c" } ], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis" }