- Vulnerability/
- CVE-2024-42306
CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer
First published: Sat Aug 17 2024(Updated: )
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation from the same bitmap will notice the bitmap buffer is already loaded and tries to allocate from the bitmap with mixed results (depending on the exact nature of the bitmap corruption). Fix the problem by using BH_verified bit to indicate whether the bitmap is valid or not.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/linux | <=5.10.223-1 | 5.10.226-1 6.1.115-1 6.1.112-1 6.11.7-1 6.11.9-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5
- https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd
- https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af
- https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64
- https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65
- https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f
- https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42306
- https://nvd.nist.gov/vuln/detail/CVE-2024-42306
- https://launchpad.net/bugs/cve/CVE-2024-42306
- https://security-tracker.debian.org/tracker/CVE-2024-42306
- https://ubuntu.com/security/CVE-2024-42306
- https://git.kernel.org/linus/a90d4471146de21745980cba51ce88e7926bcc4f
- agent/severity
- agent/title
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/nvd-cve
- agent/references
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- package-manager/debian