Squashfs: sanity check symbolic link size
CVE-2024-46744

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 September 2024

What is CVE-2024-46744?

A vulnerability in the Linux kernel's Squashfs has been identified related to inadequate validation of symbolic link sizes during disk operations. Specifically, an improperly initialized page can occur when a corrupted symbolic link size is read from disk, leading to erroneous behavior in subsequent operations. This is initiated when the function squashfs_read_inode() assigns an incorrect size to the inode, which, due to integer overflow, results in the length variable being negative. This condition leads to a loop responsible for filling page content being bypassed, ultimately leading to uninitialized memory exposure. A recent patch addresses this issue by including a sanity check to ensure that symbolic link sizes do not exceed anticipated limits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1

Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1 < 1b9451ba6f21478a75288ea3e3fca4be35e2a438

Linux 6545b246a2c815a8fcd07d58240effb6ec3481b1 < 5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4

References

https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26e...
https://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e...
https://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.