CVE-2024-50013

exfat: fix memory leak in exfat_load_bitmap()

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak.

Category

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/f692160d3e1e5450605071b8df8f7d08d9b09a83 patch
https://git.kernel.org/stable/c/ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63 patch
https://git.kernel.org/stable/c/4e1813e52f86eb8db0c6c9570251f2fcbc571f5d patch
https://git.kernel.org/stable/c/bf0b3b35259475d1fe377bcaa565488e26684f7a patch
https://git.kernel.org/stable/c/dca359db1eb37f334267ebd7e3cab9a66d191d5b patch
https://git.kernel.org/stable/c/89081e8407e637463db5880d168e3652fb9f4330 patch
https://git.kernel.org/stable/c/d2b537b3e533f28e0d97293fe9293161fe8cd137 patch

Frequently Asked Questions

What is the severity of CVE-2024-50013?
CVE-2024-50013 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50013?
To fix CVE-2024-50013, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50013 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-50013 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50013?
CVE-2024-50013 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.