CVE-2024-42299

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

Description

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{mask,bits} don't change correspondingly. This will cause a panic because "u32 bytes = log->page_size - page_off" will get a negative value in the later read_log_page().

N/A
CVSS
Severity:
EPSS 0.10%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/0484adcb5fbcadd9ba0fd4485c42630f72e97da9
https://git.kernel.org/stable/c/b90ceffdc975502bc085ce8e79c6adeff05f9521
https://git.kernel.org/stable/c/2cac0df3324b5e287d8020bc0708f7d2dec88a6f
https://git.kernel.org/stable/c/0a4ae2644e2a3b3b219aad9639fb2b0691d08420
https://git.kernel.org/stable/c/2fef55d8f78383c8e6d6d4c014b9597375132696

Frequently Asked Questions

What is the severity of CVE-2024-42299?
CVE-2024-42299 has not yet been assigned a CVSS score.
How to fix CVE-2024-42299?
To fix CVE-2024-42299, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-42299 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-42299 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-42299?
CVE-2024-42299 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.