CVE-2024-42257

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0

Description: The issue is related to the ext4 file system in the Linux kernel, specifically with the function ext4 ioctl getlabel() in the fs/ext4/ioctl.c module. It involves improper memory access beyond the allocated buffer, potentially affecting the confidentiality, integrity, and availability of protected information. The problem is also described as an improper null termination in ext4.h memtostr pad().

Recommendations: For Linux kernel versions prior to 6.10.0, upgrade to version 6.10.0 or later to mitigate the risk. As a temporary workaround, consider restricting access to the vulnerable ext4 file system until a patch is available. Avoid using the s volume name string in the affected struct ext4 super block until the issue is resolved.