{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-42306", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-07-30T07:40:12.273Z", "datePublished": "2024-08-17T09:09:11.938Z", "dateUpdated": "2024-11-05T09:40:07.259Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:40:07.259Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/balloc.c", "fs/udf/super.c"], "versions": [{"version": "7648ea9896b3", "lessThan": "cae9e59cc416", "status": "affected", "versionType": "git"}, {"version": "4ac54312f623", "lessThan": "2199e157a465", "status": "affected", "versionType": "git"}, {"version": "099bf90d7fc4", "lessThan": "6a43e3c210df", "status": "affected", "versionType": "git"}, {"version": "6ac8f2c8362a", "lessThan": "271cab2ca006", "status": "affected", "versionType": "git"}, {"version": "1e0d4adf17e7", "lessThan": "57053b3bcf34", "status": "affected", "versionType": "git"}, {"version": "1e0d4adf17e7", "lessThan": "8ca170c39eca", "status": "affected", "versionType": "git"}, {"version": "1e0d4adf17e7", "lessThan": "a90d4471146d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/udf/balloc.c", "fs/udf/super.c"], "versions": [{"version": "6.3", "status": "affected"}, {"version": "0", "lessThan": "6.3", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.282", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.224", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.165", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.103", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.44", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.3", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914"}, {"url": "https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5"}, {"url": "https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64"}, {"url": "https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd"}, {"url": "https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af"}, {"url": "https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65"}, {"url": "https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f"}], "title": "udf: Avoid using corrupted block bitmap buffer", "x_generator": {"engine": "bippy-9e1c9544281a"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:10:15.929324Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T17:33:27.843Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-42306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-10T16:10:15.929324Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T12:42:23.498Z"}}], "cna": {"title": "udf: Avoid using corrupted block bitmap buffer", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "7648ea9896b3", "lessThan": "cae9e59cc416", "versionType": "git"}, {"status": "affected", "version": "4ac54312f623", "lessThan": "2199e157a465", "versionType": "git"}, {"status": "affected", "version": "099bf90d7fc4", "lessThan": "6a43e3c210df", "versionType": "git"}, {"status": "affected", "version": "6ac8f2c8362a", "lessThan": "271cab2ca006", "versionType": "git"}, {"status": "affected", "version": "1e0d4adf17e7", "lessThan": "57053b3bcf34", "versionType": "git"}, {"status": "affected", "version": "1e0d4adf17e7", "lessThan": "8ca170c39eca", "versionType": "git"}, {"status": "affected", "version": "1e0d4adf17e7", "lessThan": "a90d4471146d", "versionType": "git"}], "programFiles": ["fs/udf/balloc.c", "fs/udf/super.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "6.3"}, {"status": "unaffected", "version": "0", "lessThan": "6.3", "versionType": "semver"}, {"status": "unaffected", "version": "5.4.282", "versionType": "semver", "lessThanOrEqual": "5.4.*"}, {"status": "unaffected", "version": "5.10.224", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.165", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.103", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.44", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.3", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/udf/balloc.c", "fs/udf/super.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914"}, {"url": "https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5"}, {"url": "https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64"}, {"url": "https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd"}, {"url": "https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af"}, {"url": "https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65"}, {"url": "https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f"}], "x_generator": {"engine": "bippy-9e1c9544281a"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-11-05T09:40:07.259Z"}}}, "cveMetadata": {"cveId": "CVE-2024-42306", "state": "PUBLISHED", "dateUpdated": "2024-11-05T09:40:07.259Z", "dateReserved": "2024-07-30T07:40:12.273Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-08-17T09:09:11.938Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not."}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: udf: evite el uso del b\u00fafer de mapa de bits de bloque da\u00f1ado Cuando el mapa de bits de bloque del sistema de archivos est\u00e1 da\u00f1ado, detectamos la corrupci\u00f3n mientras cargamos el mapa de bits y fallamos la asignaci\u00f3n con error. Sin embargo, la siguiente asignaci\u00f3n del mismo mapa de bits notar\u00e1 que el b\u00fafer de mapa de bits ya est\u00e1 cargado e intentar\u00e1 realizar la asignaci\u00f3n desde el mapa de bits con resultados mixtos (dependiendo de la naturaleza exacta de la corrupci\u00f3n del mapa de bits). Solucione el problema utilizando el bit BH_verified para indicar si el mapa de bits es v\u00e1lido o no."}], "id": "CVE-2024-42306", "lastModified": "2024-08-19T12:59:59.177", "metrics": {}, "published": "2024-08-17T09:15:10.777", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: udf: Avoid using corrupted block bitmap buffer", "id": "2305451", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305451"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nudf: Avoid using corrupted block bitmap buffer\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not."], "name": "CVE-2024-42306", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-08-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42306\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42306\nhttps://lore.kernel.org/linux-cve-announce/2024081750-CVE-2024-42306-647c@gregkh/T"], "threat_severity": "Moderate"}