CVE-2024-42084

ftruncate: pass a signed offset

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

MITRE

In the Linux kernel, the following vulnerability has been resolved:

ftruncate: pass a signed offset

The old ftruncate() syscall, using the 32-bit off_t misses a sign
extension when called in compat mode on 64-bit architectures. As a
result, passing a negative length accidentally succeeds in truncating
to file size between 2GiB and 4GiB.

Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL.

The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-29 CVE Published
2024-07-30 EPSS Updated
2024-09-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (9)

URL	Tag	Source
https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9	2024-07-05
https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8	2024-07-05
https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a	2024-07-05
https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007	2024-07-05
https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa	2024-07-05
https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a	2024-07-05
https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29b759c27	2024-07-05
https://git.kernel.org/stable/c/4b8e88e563b5f666446d002ad0dc1e6e8e7102b0	2024-06-24

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 4.19.317 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.19.317"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.4.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.10.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.15.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.1.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.1.97"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.6.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.6.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.9.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.9.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.10"		en		Affected