CVE-2024-50143

udf: fix uninit-value use in udf_get_fileshortad

Description

In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

INFO

Published Date :

2024-11-07T09:31:20.340Z

Last Modified :

2026-01-05T10:55:11.255Z

Source :

Linux

AFFECTED PRODUCTS

The following products are affected by CVE-2024-50143 vulnerability.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-50143.

URL	Resource
https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
https://lore.kernel.org/linux-cve-announce/2024110743-CVE-2024-50143-4678@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2024-50143
https://www.cve.org/CVERecord?id=CVE-2024-50143

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact