CVE-2024-42084

ftruncate: pass a signed offset

Severity Score

5.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign
extension when called in compat mode on 64-bit architectures. As a
result, passing a negative length accidentally succeeds in truncating
to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.

An unexpected file truncate flaw was found when opening files with specific parameters in the Linux kernel's file-system. This vulnerability allows a local user to corrupt specific files when having access to these files.

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Local

Attack Complexity

High

Authentication

Multiple

Confidentiality

Complete

Integrity

Complete

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-29 CVE Reserved
2024-07-29 CVE Published
2024-12-19 CVE Updated
2025-03-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

CAPEC

References (11)

URL	Tag	Source
https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9	2024-07-05
https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8	2024-07-05
https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a	2024-07-05
https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007	2024-07-05
https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa	2024-07-05
https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a	2024-07-05
https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29b759c27	2024-07-05
https://git.kernel.org/stable/c/4b8e88e563b5f666446d002ad0dc1e6e8e7102b0	2024-06-24

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2024-42084	2025-03-26
https://bugzilla.redhat.com/show_bug.cgi?id=2300533	2025-03-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 4.19.317 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 4.19.317"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.4.279 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.4.279"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.10.221 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.10.221"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 5.15.162 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 5.15.162"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.1.97 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.1.97"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.6.37 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.6.37"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.9.8 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.9.8"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.9 < 6.10 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 6.10"		en		Affected