Directory Offset Vulnerability in Linux Kernel
CVE-2024-57952
Summary
A vulnerability in the Linux kernel's handling of directory offsets can cause directory entries to disappear permanently in specific scenarios. When the offset allocator wraps around on 32-bit platforms, readdir(3) can no longer list entries that still exist, because of incorrect comparison logic introduced in a prior commit. The fix reverts a previous change so that directory offsets are handled correctly on all architectures, which in particular keeps the issue from affecting older and low-capacity systems.
Affected Version(s)
Linux 64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a < 9e9e710f68bac49bd9b587823c077d06363440e0
Linux 64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a < 3f250b82040a72b0059ae00855a74d8570ad2147
Linux 64a7ce76fb901bf9f9c36cf5d681328fc0fd4b5a