• CVE-2024-43828

发布时间: 2024年8月30日

修改时间: 2024年10月25日

概要

In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem!

CVSS v3 指标

NVD openEuler
Confidentiality None None
Attack Vector Local Local
CVSS评分 5.5 5.5
Attack Complexity Low Low
Privileges Required Low Low
Scope Unchanged Unchanged
Integrity None None
User Interaction None None
Availability High High

安全公告

公告名 概要 发布时间
KylinSec-SA-2024-4977 kernel security update 2025年2月28日

影响产品

产品 状态
KY3.5.2 kernel Fixed
V6 kernel Fixed
KY3.5.3 kernel Fixed