CVE-2024-26973

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26973

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26973.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26973

Downstream

BELL-CVE-2024-26973

DEBIAN-CVE-2024-26973

DLA-3840-1

DLA-3842-1

DSA-5681-1

RHSA-2024:3618

RHSA-2024:3627

RHSA-2024:9315

RHSA-2025:8248

SUSE-SU-2024:2135-1

SUSE-SU-2024:2203-1

SUSE-SU-2024:2360-1

SUSE-SU-2024:2372-1

SUSE-SU-2024:2381-1

SUSE-SU-2024:2394-1

SUSE-SU-2024:2561-1

SUSE-SU-2024:2939-1

SUSE-SU-2024:2973-1

UBUNTU-CVE-2024-26973

USN-6816-1

USN-6817-1

USN-6817-2

USN-6817-3

USN-6878-1

USN-6896-1

USN-6896-2

USN-6896-3

USN-6896-4

USN-6896-5

USN-6898-1

USN-6898-2

USN-6898-3

USN-6898-4

USN-6917-1

USN-6919-1

USN-6927-1

USN-7019-1

Related

Published

2024-05-01T06:15:13Z

Modified

2025-08-09T19:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

fat: fix uninitialized field in nostale filehandles

When fatencodefh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.

References

Affected packages