CVE-2024-42084 ftruncate: pass a signed offset

2024-07-2916:26:20

Linux

www.cve.org

linux

kernel

ftruncate

vulnerability

fix

EPSS

Percentile

13.5%

JSON

In the Linux kernel, the following vulnerability has been resolved:

ftruncate: pass a signed offset

The old ftruncate() syscall, using the 32-bit off_t misses a sign
extension when called in compat mode on 64-bit architectures. As a
result, passing a negative length accidentally succeeds in truncating
to file size between 2GiB and 4GiB.

Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL.

The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/open.c",
      "include/linux/compat.h",
      "include/linux/syscalls.h"
    ],
    "versions": [
      {
        "version": "3f6d078d4acc",
        "lessThan": "c329760749b5",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "f531d4bc6c55",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "84bf6b64a1a0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "dbb226d81cd0",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "5ae6af68410b",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "836359247b04",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "930a4c369f74",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "3f6d078d4acc",
        "lessThan": "4b8e88e563b5",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "fs/open.c",
      "include/linux/compat.h",
      "include/linux/syscalls.h"
    ],
    "versions": [
      {
        "version": "3.9",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.9",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.317",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.279",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.221",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.162",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.97",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.37",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.9.8",
        "lessThanOrEqual": "6.9.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]