CVE-2024-53234

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the handling of NONHEAD !delta[1] lclusters in the erofs filesystem. The issue was reported by syzbot, which found a WARNING in iomap iter done. Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. The vulnerability led to inadequate decompressed lengths, impacting FIEMAP. The fix treats delta[1]==0 as delta[1]==1 to work around these legacy mkfs versions. Additionally, lclusterbits > 14 is considered illegal for compact indexes and will result in an error.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

AZL-68312

BDU:2025-12022

CVE-2024-53234

DLA-4076-1

DSA-5860-1

OESA-2025-1078

OESA-2025-1079

OPENSUSE-SU-2025_0117-1

OPENSUSE-SU-2025_0153-1

OPENSUSE-SU-2025_0154-1

SUSE-SU-2025:0117-1

SUSE-SU-2025:0153-1

SUSE-SU-2025:0154-1

SUSE-SU-2025:0289-1

SUSE-SU-2025:20165-1

SUSE-SU-2025:20166-1

SUSE-SU-2025:20248-1

SUSE-SU-2025:20249-1

USN-7276-1

USN-7277-1

USN-7310-1

USN-7449-1

USN-7449-2

USN-7450-1

USN-7451-1

USN-7452-1

USN-7453-1

USN-7468-1

USN-7523-1

USN-7524-1

Affected Products

Astra Linux

Debian

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

CVE-2024-53234

Weakness Enumeration

Related Identifiers

Affected Products

References · 2645