CVE-2024-42299

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

Severity Score

"-"

*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

If an NTFS file system is mounted to another system with different
PAGE_SIZE from the original system, log->page_size will change in
log_replay(), but log->page_{mask,bits} don't change correspondingly.
This will cause a panic because "u32 bytes = log->page_size - page_off"
will get a negative value in the later read_log_page().

*Credits: N/A

CVSS Scores

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-07-30 CVE Reserved
2024-08-17 CVE Published
2024-08-18 EPSS Updated
2024-09-15 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (6)

URL	Tag	Source
https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9	2024-08-19
https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521	2024-08-03
https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f	2024-08-03
https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420	2024-08-03
https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696	2024-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 5.15.165 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 5.15.165"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.1.103 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.1.103"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.6.44 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.6.44"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.10.3 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.10.3"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 5.15 < 6.11 Search vendor "Linux" for product "Linux Kernel" and version " >= 5.15 < 6.11"		en		Affected