CVE-2024-57940
MEDIUMLinux Kernel - Denial of Service via Infinite Loop in exfat_readdir()
Title source: llmDescription
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the cluster chain when there is unused directory entry in the cluster to avoid this infinite loop.
References (10)
Core 10
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-503939.html
Scores
CVSS v3
5.5
EPSS
0.0021
EPSS Percentile
11.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (21)
linux/Kernel
5.11.0 - 5.15.177linux
linux/Kernel
5.16.0 - 6.1.125linux
linux/Kernel
5.7.0 - 5.10.234linux
linux/Kernel
6.2.0 - 6.6.72linux
linux/Kernel
6.7.0 - 6.12.10linux
Linux/Linux
< 5.7
Linux/Linux
5.10.234 - 5.10.*
Linux/Linux
5.15.177 - 5.15.*
Linux/Linux
5.7
Linux/Linux
6.1.125 - 6.1.*
... and 11 more
Published
Jan 21, 2025
Tracked Since
Feb 18, 2026