CVE-2024-50143

Source
https://cve.org/CVERecord?id=CVE-2024-50143
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50143.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-50143
Published
2024-11-07T09:31:20.340Z
Modified
2026-03-20T12:39:36.196483Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
udf: fix uninit-value use in udf_get_fileshortad
Details

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50143.json"
}
Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
5eb76fb98b3335aa5cca6a7db2e659561c79c32b
Fixed
417bd613bdbe791549f7687bb1b9b8012ff111c2
Fixed
0ce61b1f6b32df822b59c680cbe8e5ba5d335742
Fixed
4fc0d8660e391dcd8dde23c44d702be1f6846c61
Fixed
72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
Fixed
1ac49babc952f48d82676979b20885e480e69be8
Fixed
e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
Fixed
264db9d666ad9a35075cc9ed9ec09d021580fbb1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-50143.json"