PT-2024-7582 · Linux+6 · Linux Kernel+6

Martin Wilck

Published

2024-09-12

Updated

2025-09-29

CVE-2024-47682

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58

Description The issue is related to an off-by-one error in the sd read block characteristics() function. If a device returns page 0xb1 with a length of 8, this function may attempt an out-of-bounds memory access when accessing the zoned field at offset 8. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the sd read block characteristics() function until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

ALSA-2025_16880

ALT-PU-2024-14046

ALT-PU-2024-14268

AZL-51014

BDU:2024-08988

CVE-2024-47682

DLA-4008-1

MGASA-2024-0344

MGASA-2024-0345

OESA-2024-2522

OPENSUSE-SU-2024:14500-1

OPENSUSE-SU-2024_3984-1

OPENSUSE-SU-2024_3986-1

OPENSUSE-SU-2024_4315-1

OPENSUSE-SU-2024_4376-1

OPENSUSE-SU-2025:14705-1

SUSE-SU-2024:3984-1

SUSE-SU-2024:3986-1

SUSE-SU-2024:4315-1

SUSE-SU-2024:4318-1

SUSE-SU-2024:4364-1

SUSE-SU-2024:4376-1

SUSE-SU-2024:4387-1

SUSE-SU-2025:20163-1

SUSE-SU-2025:20164-1

SUSE-SU-2025:20246-1

SUSE-SU-2025:20247-1

USN-7276-1

USN-7277-1

USN-7301-1

USN-7303-1

USN-7303-2

USN-7303-3

USN-7304-1

USN-7310-1

USN-7311-1

USN-7384-1

USN-7384-2

USN-7385-1

USN-7386-1

USN-7403-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Linux Kernel

Red Os

Suse

Ubuntu

PT-2024-7582 · Linux+6 · Linux Kernel+6

CVE-2024-47682

Weakness Enumeration

Related Identifiers

Affected Products

References · 2471