CVE-2024-50248

MEDIUM

Linux Kernel < 6.6.60 - Out-of-Bounds Memory Access in NTFS3 Attribute Enumeration

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyond valid memory region.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html

Patch

https://git.kernel.org/stable/c/386613a44b858304a88529ade2ccc1e079a5fc56

Patch

https://git.kernel.org/stable/c/22cdf3be7d34f61a91b9e2966fec3a29f3871398

Patch

https://git.kernel.org/stable/c/809f9b419c75f8042c58434d2bfe849140643e9d

Patch

https://git.kernel.org/stable/c/556bdf27c2dd5c74a9caacbe524b943a6cd42d99

Scores

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 10.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (15)

linux/Kernel 5.15.0 - 6.1.120linux

linux/Kernel 6.2.0 - 6.6.60linux

linux/Kernel 6.7.0 - 6.11.7linux

Linux/Linux < 5.15

Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 22cdf3be7d34f61a91b9e2966fec3a29f3871398

Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 386613a44b858304a88529ade2ccc1e079a5fc56

Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 556bdf27c2dd5c74a9caacbe524b943a6cd42d99

Linux/Linux 4534a70b7056fd4b9a1c6db5a4ce3c98546b291e - 809f9b419c75f8042c58434d2bfe849140643e9d

Linux/Linux 5.15

Linux/Linux 6.1.120 - 6.1.*

... and 5 more

Published Nov 09, 2024

Tracked Since Feb 18, 2026