CVE-2024-26973
MEDIUMLinux kernel - Info Disclosure
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.
References (11)
Scores
CVSS v3
5.5
EPSS
0.0001
EPSS Percentile
0.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Classification
CWE
CWE-908
Status
published
Affected Products (10)
linux/linux_kernel
< 4.19.312
debian/debian_linux
linux/Kernel
< 4.19.312linux
linux/Kernel
< 5.4.274linux
linux/Kernel
< 5.10.215linux
linux/Kernel
< 5.15.154linux
linux/Kernel
< 6.1.84linux
linux/Kernel
< 6.6.24linux
linux/Kernel
< 6.7.12linux
linux/Kernel
< 6.8.3linux
Timeline
Published
May 01, 2024
Tracked Since
Feb 18, 2026