Description

In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed

INFO

Published Date :

2024-10-21T18:02:35.722Z

Last Modified :

2025-11-03T20:42:46.112Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49994 vulnerability.

Vendors Products
Linux
  • Linux Kernel
Redhat
  • Enterprise Linux
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49994.

URL Resource
https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa cve-icon cve-icon
https://git.kernel.org/stable/c/697ba0b6ec4ae04afb67d3911799b5e2043b4455 cve-icon cve-icon
https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d cve-icon cve-icon
https://git.kernel.org/stable/c/8476f8428e8b48fd7a0e4258fa2a96a8f4468239 cve-icon cve-icon
https://git.kernel.org/stable/c/a99bacb35c1416355eef957560e8fcac3a665549 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024102138-CVE-2024-49994-de99@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49994 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49994 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact