vulnerability

Oracle Linux: CVE-2024-42084: ELSA-2024-12610: Unbreakable Enterprise kernel security update (IMPORTANT) (Multiple Advisories)

Severity
5
CVSS
(AV:L/AC:H/Au:M/C:C/I:C/A:N)
Published
2024-07-29
Added
2024-10-16
Modified
2025-01-23

Description

In the Linux kernel, the following vulnerability has been resolved:
ftruncate: pass a signed offset
The old ftruncate() syscall, using the 32-bit off_t misses a sign
extension when called in compat mode on 64-bit architectures. As a
result, passing a negative length accidentally succeeds in truncating
to file size between 2GiB and 4GiB.
Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL.
The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.

Solution(s)

oracle-linux-upgrade-kerneloracle-linux-upgrade-kernel-uek
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.