CVE-2024-53234 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions. `lclusterbits > 14` is illegal for compact indexes, error out too.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://git.kernel.org/stable/c/0bc8061ffc733a0a246b8689b2d32a3e9204f43c
https://git.kernel.org/stable/c/480c6c7b55aeacac800bc2a0d321ff53273045e5
https://git.kernel.org/stable/c/daaf68fef4b2ff97928227630021d37b27a96655
https://git.kernel.org/stable/c/f466641debcbea8bdf78d1b63a6270aadf9301bf

History

Fri, 27 Dec 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions. `lclusterbits > 14` is illegal for compact indexes, error out too.
Title		erofs: handle NONHEAD !delta[1] lclusters gracefully
References		https://git.kernel.org/stable/c/0bc8061ffc733a0a246b8689b2d32a3e9204f43c https://git.kernel.org/stable/c/480c6c7b55aeacac800bc2a0d321ff53273045e5 https://git.kernel.org/stable/c/daaf68fef4b2ff97928227630021d37b27a96655 https://git.kernel.org/stable/c/f466641debcbea8bdf78d1b63a6270aadf9301bf

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2024-12-27T13:50:20.909Z

Updated: 2024-12-27T13:50:20.909Z

Reserved: 2024-11-19T17:17:25.026Z

Link: CVE-2024-53234

Vulnrichment

No data.

NVD

Status : Received

Published: 2024-12-27T14:15:31.783

Modified: 2024-12-27T14:15:31.783

Link: CVE-2024-53234

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object