
CVE-2024-50143 Detail

Description

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST: NVD
N/A
NVD assessment not yet provided.

References to Advisories, Solutions, and Tools


Hyperlink Resource
https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8 Patch 
https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1 Patch 
https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2 Patch 
https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61 Patch 
https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b Patch 
https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7 Patch 
https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d Patch 

Weakness Enumeration

CWE-ID: CWE-908
CWE Name: Use of Uninitialized Resource
Source: NIST


Change History

3 change records found

Quick Info

CVE Dictionary Entry: CVE-2024-50143
NVD Published Date: 11/07/2024
NVD Last Modified: 11/15/2024
Source: kernel.org