PT-2024-6752 · Linux+6 · Linux Kernel+6

Justin Stitt

Published

2024-05-07

Updated

2025-09-29

CVE-2024-41000

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc2-00035-gb3ef86b5a957

Description: The vulnerability is related to a signed integer overflow in the block/ioctl.c file of the Linux kernel. This issue was identified using the syzkaller tool with the newly reintroduced signed integer overflow sanitizer. The overflow occurs when the value 9223372036854775807 is added to 4095, resulting in a value that cannot be represented in the 'long long' type. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-11524

ALT-PU-2024-12537

ALT-PU-2024-13979

ALT-PU-2024-14046

ALT-PU-2024-9967

BDU:2024-07965

CVE-2024-41000

DLA-4008-1

DSA-5730-1

DSA-5731-1

OPENSUSE-SU-2024_3190-1

OPENSUSE-SU-2024_3209-1

OPENSUSE-SU-2024_3483-1

SUSE-SU-2024:3190-1

SUSE-SU-2024:3194-1

SUSE-SU-2024:3195-1

SUSE-SU-2024:3209-1

SUSE-SU-2024:3383-1

SUSE-SU-2024:3483-1

SUSE-SU-2024:3566-1

SUSE-SU-2025:20044-1

SUSE-SU-2025:20047-1

USN-6999-1

USN-6999-2

USN-7004-1

USN-7005-1

USN-7005-2

USN-7007-1

USN-7007-2

USN-7007-3

USN-7008-1

USN-7009-1

USN-7009-2

USN-7019-1

USN-7029-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-6752 · Linux+6 · Linux Kernel+6

CVE-2024-41000

Weakness Enumeration

Related Identifiers

Affected Products

References · 1921