Lucene search
Redhat.comRH:CVE-2024-42084HistoryJul 31, 2024 - 9:17 a.m.
CVE-2024-42084
2024-07-3109:17:30
redhat.com
access.redhat.com
8
linux kernel
ftruncate
vulnerability
resolved
signed offset
syscall
AI Score
7.2
Confidence
Low
In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake.
Related
cvelist
cvelist
CVE-2024-42084 ftruncate: pass a signed offset
2024-07-29 16:26:20
debiancve
debiancve
CVE-2024-42084
2024-07-29 17:15:11
vulnrichment
vulnrichment
CVE-2024-42084 ftruncate: pass a signed offset
2024-07-29 16:26:20
nvd
nvd
CVE-2024-42084
2024-07-29 17:15:11
cve
cve
CVE-2024-42084
2024-07-29 17:15:11
osv
osv
CVE-2024-42084
2024-07-29 17:15:11
openvas
openvas
Ubuntu: Security Advisory (USN-7003-3)
2024-09-16 00:00:00
Ubuntu: Security Advisory (USN-7003-1)
2024-09-12 00:00:00
Ubuntu: Security Advisory (USN-7003-2)
2024-09-12 00:00:00
nessus
nessus
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7003-3)
2024-09-13 00:00:00
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-7003-1)
2024-09-12 00:00:00
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-7003-2)
2024-09-12 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2024-09-11 00:00:00
Unbreakable Enterprise kernel security update
2024-09-10 00:00:00
Unbreakable Enterprise kernel security update
2024-09-12 00:00:00