2324320 – (CVE-2024-50143) CVE-2024-50143 kernel: udf: fix uninit-value use in udf_get_fileshortad

Bug 2324320 (CVE-2024-50143) - CVE-2024-50143 kernel: udf: fix uninit-value use in udf_get_fileshortad

Summary: CVE-2024-50143 kernel: udf: fix uninit-value use in udf_get_fileshortad

Keywords:
Status:	NEW
Alias:	CVE-2024-50143
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2024-11-07 10:01 UTC by OSIDB Bzimport
Modified:	2025-05-13 08:33 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2025:6966	0	None	None	None	2025-05-13 08:33:11 UTC

Description OSIDB Bzimport 2024-11-07 10:01:40 UTC

In the Linux kernel, the following vulnerability has been resolved:

udf: fix uninit-value use in udf_get_fileshortad

Check for overflow when computing alen in udf_current_aext to mitigate
later uninit-value use in udf_get_fileshortad KMSAN bug[1].
After applying the patch reproducer did not trigger any issue[2].

[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000

Comment 1 Robb Gatica 2024-11-07 16:18:22 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024110743-CVE-2024-50143-4678@gregkh/T

Comment 2 errata-xmlrpc 2025-05-13 08:33:10 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:6966 https://access.redhat.com/errata/RHSA-2025:6966

Note You need to log in before you can comment on or make changes to this bug.