PT-2024-29861 · Linux+6 · Linux Kernel+6

Syzbot

·

Published

2024-06-25

·

Updated

2025-09-29

·

CVE-2024-42311

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description The vulnerability is related to the Linux kernel's hfs file system. It is caused by the failure to initialize certain fields in the hfs inode info struct after calling hfs alloc inode(). This can lead to an uninitialized value access issue, as reported by Syzbot. The issue is related to the hfs revalidate dentry() and hfs get block() functions. The vulnerability can be exploited to cause a denial of service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-11345
ALT-PU-2024-11855
ALT-PU-2024-11863
ALT-PU-2024-12232
ALT-PU-2024-12537
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
AZL-48486
BDU:2025-01429
CVE-2024-42311
DLA-3912-1
DLA-4008-1
MGASA-2024-0309
MGASA-2024-0310
OESA-2024-2109
OESA-2024-2123
OESA-2024-2125
OESA-2024-2126
OESA-2024-2296
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1
USN-7233-1
USN-7233-2
USN-7233-3
USN-7262-1
USN-7262-2

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu