CVE-2024-38624 - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40
https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b
https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57
https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d
https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649
https://lore.kernel.org/linux-cve-announce/2024062139-CVE-2024-38624-4711@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-38624
https://www.cve.org/CVERecord?id=CVE-2024-38624

History

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-06-21T10:18:16.940Z

Updated: 2024-11-05T09:31:10.465Z

Reserved: 2024-06-18T19:36:34.945Z

Link: CVE-2024-38624

Vulnrichment

Updated: 2024-08-02T04:12:25.940Z

NVD

Status : Awaiting Analysis

Published: 2024-06-21T11:15:11.353

Modified: 2024-06-21T11:22:01.687

Link: CVE-2024-38624

Redhat

Severity : Moderate

Publid Date: 2024-06-21T00:00:00Z

Links: CVE-2024-38624 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38624", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-06-18T19:36:34.945Z", "datePublished": "2024-06-21T10:18:16.940Z", "dateUpdated": "2024-11-05T09:31:10.465Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:31:10.465Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/fslog.c"], "versions": [{"version": "b46acd6a6a62", "lessThan": "2d1ad595d15f", "status": "affected", "versionType": "git"}, {"version": "b46acd6a6a62", "lessThan": "98db3155b54d", "status": "affected", "versionType": "git"}, {"version": "b46acd6a6a62", "lessThan": "109d85a98345", "status": "affected", "versionType": "git"}, {"version": "b46acd6a6a62", "lessThan": "847db4049f61", "status": "affected", "versionType": "git"}, {"version": "b46acd6a6a62", "lessThan": "e931f6b630ff", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/ntfs3/fslog.c"], "versions": [{"version": "5.15", "status": "affected"}, {"version": "0", "lessThan": "5.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.161", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.93", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.33", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.9.4", "lessThanOrEqual": "6.9.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b"}, {"url": "https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d"}, {"url": "https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40"}, {"url": "https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57"}, {"url": "https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649"}], "title": "fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.940Z"}, "title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:15.600220Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T17:34:44.920Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57", "tags": ["x_transferred"]}, {"url": "https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.940Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38624", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T17:09:15.600220Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:25.601Z"}}], "cna": {"title": "fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "b46acd6a6a62", "lessThan": "2d1ad595d15f", "versionType": "git"}, {"status": "affected", "version": "b46acd6a6a62", "lessThan": "98db3155b54d", "versionType": "git"}, {"status": "affected", "version": "b46acd6a6a62", "lessThan": "109d85a98345", "versionType": "git"}, {"status": "affected", "version": "b46acd6a6a62", "lessThan": "847db4049f61", "versionType": "git"}, {"status": "affected", "version": "b46acd6a6a62", "lessThan": "e931f6b630ff", "versionType": "git"}], "programFiles": ["fs/ntfs3/fslog.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.15"}, {"status": "unaffected", "version": "0", "lessThan": "5.15", "versionType": "custom"}, {"status": "unaffected", "version": "5.15.161", "versionType": "custom", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.93", "versionType": "custom", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.33", "versionType": "custom", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.9.4", "versionType": "custom", "lessThanOrEqual": "6.9.*"}, {"status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/ntfs3/fslog.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b"}, {"url": "https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d"}, {"url": "https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40"}, {"url": "https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57"}, {"url": "https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649"}], "x_generator": {"engine": "bippy-c9c4e1df01b2"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\n\nFor example, in the expression:\n\tvbo = 2 * vbo + skip"}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-07-15T06:49:18.295Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38624", "state": "PUBLISHED", "dateUpdated": "2024-09-11T17:34:44.920Z", "dateReserved": "2024-06-18T19:36:34.945Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-06-21T10:18:16.940Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"bugzilla": {"description": "kernel: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow", "id": "2293703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293703"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nfs/ntfs3: Use 64 bit variable to avoid 32 bit overflow\nFor example, in the expression:\nvbo = 2 * vbo + skip"], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-38624", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-06-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-38624\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-38624\nhttps://lore.kernel.org/linux-cve-announce/2024062139-CVE-2024-38624-4711@gregkh/T"], "statement": "Red Hat Enterprise Linux is not vulnerable to this CVE, as it does not affect the versions or configurations of the Linux kernel used in its distributions.", "threat_severity": "Moderate", "upstream_fix": "kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.9.4, kernel 6.10-rc1"}