CVE-2024-53147

exfat: fix out-of-bounds access of directory entries

Description

In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty.

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c
https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e
https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b

Frequently Asked Questions

What is the severity of CVE-2024-53147?
CVE-2024-53147 has not yet been assigned a CVSS score.
How to fix CVE-2024-53147?
To fix CVE-2024-53147, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-53147 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-53147 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-53147?
CVE-2024-53147 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.