CVE-2024-42084

Updated: 2024-09-30 21:54:40.632575

Description:

In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x MEDIUM 5.7

Status

OS name Project name Version Score Severity Status Errata Last updated
AlmaLinux 9.2 ESU kernel 5.14.0 5.7 MEDIUM Ignored 2024-09-25 12:26:12
AlmaLinux 9.2 FIPS kernel 5.14.0 5.7 MEDIUM Ignored 2024-09-25 12:26:12
CentOS 6 ELS kernel 2.6.32 5.7 MEDIUM Ignored 2024-09-25 12:26:12
CentOS 7 ELS kernel 3.10.0 5.7 MEDIUM Ignored 2024-09-25 12:26:12
CentOS 8.4 ELS kernel 4.18.0 5.7 MEDIUM Released CLSA-2024:1727690947 2024-09-30 10:47:47
CentOS 8.5 ELS kernel 4.18.0 5.7 MEDIUM Released CLSA-2024:1727690025 2024-09-30 10:47:48
CentOS Stream 8 ELS kernel 4.18.0 5.7 MEDIUM Released CLSA-2024:1727815919 2024-10-01 17:28:07
CloudLinux 6 ELS kernel 2.6.32 5.7 MEDIUM Ignored 2024-09-25 12:26:12
CloudLinux 7 ELS kernel 3.10.0 5.7 MEDIUM Ignored 2024-09-25 12:26:10
Oracle Linux 6 ELS kernel 2.6.32 5.7 MEDIUM Ignored 2024-09-25 12:26:10
Total: 13