PT-2024-28085 · Linux+4 · Linux Kernel+4

Konstantin Komarov

Published

2024-04-16

Updated

2025-01-13

CVE-2024-38624

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to an integer overflow in the fs/ntfs3 component of the Linux kernel. This overflow can occur in the expression vbo = 2 * vbo + skip. The vulnerability may allow an attacker to execute arbitrary code. The log read rst() function in fs/ntfs3/fslog.c is also mentioned as being related to the vulnerability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

BDU:2025-04186

CVE-2024-38624

MGASA-2024-0263

MGASA-2024-0266

OESA-2024-1792

OESA-2024-1795

OESA-2024-1796

OESA-2024-1836

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Astra Linux

Linuxmint

Linux Kernel

Red Os

Ubuntu

PT-2024-28085 · Linux+4 · Linux Kernel+4

CVE-2024-38624

Weakness Enumeration

Related Identifiers

Affected Products

References · 683