CVE-2024-42084
ftruncate: pass a signed offset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In the Linux kernel, the following vulnerability has been resolved:
ftruncate: pass a signed offset
The old ftruncate() syscall, using the 32-bit off_t misses a sign
extension when called in compat mode on 64-bit architectures. As a
result, passing a negative length accidentally succeeds in truncating
to file size between 2GiB and 4GiB.
Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL.
The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.
An unexpected file truncate flaw was found when opening files with specific parameters in the Linux kernel's file-system. This vulnerability allows a local user to corrupt specific files when having access to these files.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-07-29 CVE Reserved
- 2024-07-29 CVE Published
- 2024-07-30 EPSS Updated
- 2024-11-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682 | Vuln. Introduced |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-42084 | 2024-11-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2300533 | 2024-11-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 4.19.317 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.19.317" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.4.279" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.10.221" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.15.162" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 6.1.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.1.97" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 6.6.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.6.37" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 6.9.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.9.8" | en |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.10" | en |
Affected
| ||||||