CVE-2024-43828

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 17, 2024
Updated: Aug 19, 2024
CWE ID 835

Summary

CVE-2024-43828 is a vulnerability identified in the Linux kernel that could lead to an infinite loop during the fast_commit replay process. This issue arises due to an uninitialized extent_status struct in the function ext4_es_find_extent_range(). The vulnerability occurs when ext4_ext_determine_insert_hole() fails to detect the replay and calls ext4_es_find_extent_range() without initializing the 'es' variable. As a result, 'es' contains garbage data, causing an integer overflow and triggering an infinite loop. The issue has been resolved by unconditionally initializing the struct in ext4_es_find_extent_range(). Kudos to Zhang Yi for discovering and reporting this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share