PT-2024-6982 · Linux+9 · Linux Kernel+9

Lizhi Xu +1 · Published 2024-08-13 · Updated 2025-11-12 · CVE-2024-46744

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The issue is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The corrupted symlink size leads to an uninitialised page through the following sequence of events:
  1. squashfs_read_inode() is called to read the symbolic link from disk, assigning a corrupted value to inode->i_size.
  2. Later, squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, a signed int that overflows, producing a negative number.
  3. The loop that fills in the page contents checks that the copied bytes are less than length, which, being negative, means the loop is skipped, producing an uninitialised page.

This patch adds a sanity check which checks that the symbolic link size is not larger than expected.
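
The three steps above, modelled in user-space C as an added example (not the kernel source or the patch). The function names, the 4096-byte page, the sample target and the one-page bound used in the check are assumptions of this model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE_SIZE 4096 /* assumed page size for this model */
#define STALE 0xAA           /* stands in for uninitialised page contents */
/* Constructed sample: a symlink target as stored on disk, zero-padded. */
static const uint8_t sample_target[MODEL_PAGE_SIZE] = "../lib/libexample.so.1";

/* Step 1: take the size field from disk; optionally sanity-check it.
 * The one-page bound is an assumption of this model. */
static int model_read_inode(uint32_t disk_size, int checked, int64_t *i_size)
{
    *i_size = disk_size;
    if (checked && *i_size > MODEL_PAGE_SIZE)
        return -EINVAL; /* corrupted symlink size: refuse the inode */
    return 0;
}

/* Steps 2-3: signed int length, then the copy loop. Returns bytes copied. */
static int model_read_folio(int64_t i_size, uint8_t *page)
{
    int length = (int)i_size; /* 0xFFFFFFFF wraps to -1 with gcc/clang */
    int bytes;
    if (length > MODEL_PAGE_SIZE)
        length = MODEL_PAGE_SIZE;
    for (bytes = 0; bytes < length; bytes++) /* skipped when length < 0 */
        page[bytes] = sample_target[bytes];
    return bytes;
}

/* Bytes the loop initialised, or -EINVAL if the inode was rejected. */
static int symlink_bytes_filled(uint32_t disk_size, int checked, uint8_t *page)
{
    int64_t i_size;
    memset(page, STALE, MODEL_PAGE_SIZE); /* page starts with stale data */
    if (model_read_inode(disk_size, checked, &i_size) < 0)
        return -EINVAL;
    return model_read_folio(i_size, page);
}

int main(void)
{
    uint8_t page[MODEL_PAGE_SIZE];
    printf("unchecked: %d\n", symlink_bytes_filled(0xFFFFFFFFu, 0, page));
    printf("checked:   %d\n", symlink_bytes_filled(0xFFFFFFFFu, 1, page));
    return 0;
}
```

Without the check, a size of 0xFFFFFFFF fills zero bytes and the page keeps its stale contents; with the check, the inode is rejected before any page is populated.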

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following


Weakness Enumeration

Related Identifiers

ALSA-2025:20518
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
ALSA-2025_18281
ALSA-2025_19102
ALSA-2025_19103
ALSA-2025_19409
ALSA-2025_20518
ALT-PU-2024-12535
ALT-PU-2024-12541
ALT-PU-2024-13121
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-15824
AZL-49764
BDU:2024-08231
CVE-2024-46744
DLA-3912-1
DLA-4008-1
DSA-5782-1
INFSA-2025_20518
MGASA-2024-0316
MGASA-2024-0318
OESA-2024-2181
OESA-2024-2182
OESA-2024-2183
OESA-2024-2184
OESA-2024-2185
OPENSUSE-SU-2024_3551-1
OPENSUSE-SU-2024_3561-1
OPENSUSE-SU-2024_3564-1
OPENSUSE-SU-2024_3587-1
OPENSUSE-SU-2024_3592-1
RHSA-2025:20518
RHSA-2025_20518
SUSE-SU-2024:3551-1
SUSE-SU-2024:3553-1
SUSE-SU-2024:3559-1
SUSE-SU-2024:3561-1
SUSE-SU-2024:3564-1
SUSE-SU-2024:3566-1
SUSE-SU-2024:3569-1
SUSE-SU-2024:3587-1
SUSE-SU-2024:3591-1
SUSE-SU-2024:3592-1
SUSE-SU-2025:20073-1
SUSE-SU-2025:20077-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7154-1
USN-7154-2
USN-7155-1
USN-7156-1
USN-7194-1
USN-7196-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu