CVE-2024-42257

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 8, 2024
Updated: Sep 6, 2024

Summary

CVE-2024-42257 is a vulnerability in the Linux kernel's ext4 file system. It affects the ext4 superblock, specifically the s_volume_name field. The field is not null-terminated, so the previous use of strscpy() on it was not the right choice; memtostr_pad() should have been used instead to ensure proper string handling and avoid potential security risks.
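An added illustration of the handling the summary describes (not kernel code and not from the original page): a userspace C sketch that turns a fixed-width, possibly unterminated label field into a C string by bounding the read to the field size. The helper label_to_cstr, the sb_sample struct and the 16-byte field width are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 16 /* assumed width of the label field for this example */

/* Constructed stand-in for an on-disk superblock: the label may occupy all
 * 16 bytes, in which case no NUL terminator is stored in the field. */
struct sb_sample {
    unsigned char volume_name[LABEL_MAX];
    unsigned char next_field[8]; /* bytes an unbounded string read would reach */
};

/* Hypothetical userspace helper, not the kernel's memtostr_pad(): reads at
 * most src_len bytes, stops at the first NUL, always terminates dest and
 * zero-fills the rest of dest. Returns the number of label bytes copied. */
size_t label_to_cstr(char *dest, size_t dest_len,
                     const unsigned char *src, size_t src_len)
{
    size_t n = 0;

    if (dest_len == 0)
        return 0;
    while (n < src_len && n < dest_len - 1 && src[n] != '\0')
        n++;
    memcpy(dest, src, n);
    memset(dest + n, 0, dest_len - n); /* terminator plus padding */
    return n;
}

/* Constructed sample: a label that fills the whole field, followed by data. */
struct sb_sample make_full_label_sample(void)
{
    struct sb_sample sb;

    memcpy(sb.volume_name, "0123456789ABCDEF", LABEL_MAX);
    memcpy(sb.next_field, "NEXTDATA", sizeof(sb.next_field));
    return sb;
}

int main(void)
{
    struct sb_sample sb = make_full_label_sample();
    char label[LABEL_MAX + 1];
    size_t n = label_to_cstr(label, sizeof(label),
                             sb.volume_name, sizeof(sb.volume_name));

    printf("%zu bytes: \"%s\"\n", n, label);
    return 0;
}
```

A routine that treats the field as a C string would keep scanning past byte 16 into next_field when the label is full length; bounding the read by the source field size is what prevents that.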
