CVE-2024-43828

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43828

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43828.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43828

Downstream

BELL-CVE-2024-43828

DEBIAN-CVE-2024-43828

DLA-3912-1

DLA-4008-1

OESA-2024-2077

OESA-2024-2078

OESA-2024-2080

OESA-2024-2296

RHSA-2025:6966

SUSE-SU-2024:3551-1

SUSE-SU-2024:3561-1

SUSE-SU-2024:3564-1

SUSE-SU-2024:3569-1

SUSE-SU-2024:3587-1

SUSE-SU-2024:3592-1

UBUNTU-CVE-2024-43828

USN-7100-1

USN-7100-2

USN-7123-1

USN-7144-1

USN-7154-1

USN-7154-2

USN-7155-1

USN-7156-1

USN-7194-1

USN-7196-1

Related

Published

2024-08-17T10:15:08Z

Modified

2025-08-09T19:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

ext4: fix infinite loop when replaying fast_commit

When doing fastcommit replay an infinite loop may occur due to an uninitialized extentstatus struct. ext4extdetermineinserthole() does not detect the replay and calls ext4esfindextentrange(), which will return immediately without initializing the 'es' variable.

Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039.

This commit fixes this issue by unconditionally initializing the structure in function ext4esfindextentrange().

Thanks to Zhang Yi, for figuring out the real problem!

References

Affected packages