CVE-2024-56548 (GCVE-0-2024-56548)

Vulnerability from cvelistv5 – Published: 2024-12-27 14:11 – Updated: 2026-05-23 15:55
VLAI
Title
hfsplus: don't query the device logical block size multiple times
Summary
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a new min_io_size initally set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized. Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096. The produced KASAN report before the fix looks like this: [ 419.944641] ================================================================== [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Call Trace: [ 419.950384] <TASK> [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.951830] print_report+0x14c/0x49e [ 419.952361] ? __virt_addr_valid+0x267/0x278 [ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? pointer+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? sb_set_blocksize+0x6d/0xae [ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] legacy_get_tree+0x104/0x178 [ 419.968414] vfs_get_tree+0x86/0x296 [ 419.968751] path_mount+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] do_mount+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncated---
Severity
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < f57725bcc5816425e25218fdf5fb6923bc578cdf (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 06cbfbb13ac88f4154c2eb4bc4176f9d10139847 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 3d7bda75e1a6239db053c73acde17ca146317824 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 21900e8478126ff6afe3b66679f676e74d1f8830 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 2667c9b7b76efcbc7adbfea249892f20c313b0da (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < bfeecda050aa9376f642d5b2a71c4112cc6c8216 (git)
Affected: 6596528e391ad978a6a120142cba97a1d7324cb6 , < 1c82587cb57687de3f18ab4b98a8850c789bedcf (git)
Affected: c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0 (git)
Affected: 3.0.8 , < 3.1 (semver)
Create a notification for this product.
Linux Linux Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 4.19.325 , ≤ 4.19.* (semver)
Unaffected: 5.4.287 , ≤ 5.4.* (semver)
Unaffected: 5.10.231 , ≤ 5.10.* (semver)
Unaffected: 5.15.174 , ≤ 5.15.* (semver)
Unaffected: 6.1.120 , ≤ 6.1.* (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.11.11 , ≤ 6.11.* (semver)
Unaffected: 6.12.2 , ≤ 6.12.* (semver)
Unaffected: 6.13 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-56548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-01T20:02:19.622310Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-01T20:07:16.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:49:23.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/hfsplus_fs.h",
            "fs/hfsplus/wrapper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "f57725bcc5816425e25218fdf5fb6923bc578cdf",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "06cbfbb13ac88f4154c2eb4bc4176f9d10139847",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "3d7bda75e1a6239db053c73acde17ca146317824",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "21900e8478126ff6afe3b66679f676e74d1f8830",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "2667c9b7b76efcbc7adbfea249892f20c313b0da",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "bfeecda050aa9376f642d5b2a71c4112cc6c8216",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "lessThan": "1c82587cb57687de3f18ab4b98a8850c789bedcf",
              "status": "affected",
              "version": "6596528e391ad978a6a120142cba97a1d7324cb6",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0",
              "versionType": "git"
            },
            {
              "lessThan": "3.1",
              "status": "affected",
              "version": "3.0.8",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/hfsplus/hfsplus_fs.h",
            "fs/hfsplus/wrapper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.325",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.287",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.231",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.174",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.120",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.11.*",
              "status": "unaffected",
              "version": "6.11.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.13",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.325",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.287",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.231",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.174",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.120",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.11.11",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.2",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfsplus: don\u0027t query the device logical block size multiple times\n\nDevices block sizes may change. One of these cases is a loop device by\nusing ioctl LOOP_SET_BLOCK_SIZE.\n\nWhile this may cause other issues like IO being rejected, in the case of\nhfsplus, it will allocate a block by using that size and potentially write\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\nlatter function reads a different io_size.\n\nUsing a new min_io_size initally set to sb_min_blocksize works for the\npurposes of the original fix, since it will be set to the max between\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\ninitialized.\n\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\nand 4096.\n\nThe produced KASAN report before the fix looks like this:\n\n[  419.944641] ==================================================================\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\n[  419.947612]\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[  419.950035] Call Trace:\n[  419.950384]  \u003cTASK\u003e\n[  419.950676]  dump_stack_lvl+0x57/0x78\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.951830]  print_report+0x14c/0x49e\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.954231]  kasan_report+0x89/0xb0\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\n[  419.958355]  ? hlock_class+0x4c/0x109\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.959499]  ? __pfx_string+0x10/0x10\n[  419.960006]  ? lock_acquire+0x3e2/0x454\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\n[  419.961799]  ? pointer+0x3f0/0x62f\n[  419.962277]  ? __pfx_pointer+0x10/0x10\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\n[  419.964029]  ? snprintf+0x9d/0xd2\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\n[  419.965016]  ? set_blocksize+0x139/0x1c1\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\n[  419.966179]  mount_bdev+0x12f/0x1bf\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\n[  419.968073]  legacy_get_tree+0x104/0x178\n[  419.968414]  vfs_get_tree+0x86/0x296\n[  419.968751]  path_mount+0xba3/0xd0b\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\n[  419.970311]  do_mount+0x99/0xe0\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\n[  419.971008]  __do_sys_mount+0x199/0x1c9\n[  419.971397]  do_syscall_64+0xd0/0x135\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  419.972233] RIP: 0033:0x7c3cb812972e\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:55:37.481Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866"
        },
        {
          "url": "https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824"
        },
        {
          "url": "https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830"
        },
        {
          "url": "https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf"
        }
      ],
      "title": "hfsplus: don\u0027t query the device logical block size multiple times",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-56548",
    "datePublished": "2024-12-27T14:11:29.373Z",
    "dateReserved": "2024-12-27T14:03:05.989Z",
    "dateUpdated": "2026-05-23T15:55:37.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2024-56548",
      "date": "2026-06-04",
      "epss": "0.00021",
      "percentile": "0.06248"
    },
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfsplus: don\u0027t query the device logical block size multiple times\\n\\nDevices block sizes may change. One of these cases is a loop device by\\nusing ioctl LOOP_SET_BLOCK_SIZE.\\n\\nWhile this may cause other issues like IO being rejected, in the case of\\nhfsplus, it will allocate a block by using that size and potentially write\\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\\nlatter function reads a different io_size.\\n\\nUsing a new min_io_size initally set to sb_min_blocksize works for the\\npurposes of the original fix, since it will be set to the max between\\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\\ninitialized.\\n\\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\\nand 4096.\\n\\nThe produced KASAN report before the fix looks like this:\\n\\n[  419.944641] ==================================================================\\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\\n[  419.947612]\\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\\n[  419.950035] Call Trace:\\n[  419.950384]  \u003cTASK\u003e\\n[  419.950676]  dump_stack_lvl+0x57/0x78\\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.951830]  print_report+0x14c/0x49e\\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.954231]  kasan_report+0x89/0xb0\\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\\n[  419.958355]  ? hlock_class+0x4c/0x109\\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.959499]  ? __pfx_string+0x10/0x10\\n[  419.960006]  ? lock_acquire+0x3e2/0x454\\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\\n[  419.961799]  ? pointer+0x3f0/0x62f\\n[  419.962277]  ? __pfx_pointer+0x10/0x10\\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\\n[  419.964029]  ? snprintf+0x9d/0xd2\\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\\n[  419.965016]  ? set_blocksize+0x139/0x1c1\\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.966179]  mount_bdev+0x12f/0x1bf\\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\\n[  419.968073]  legacy_get_tree+0x104/0x178\\n[  419.968414]  vfs_get_tree+0x86/0x296\\n[  419.968751]  path_mount+0xba3/0xd0b\\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\\n[  419.970311]  do_mount+0x99/0xe0\\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\\n[  419.971008]  __do_sys_mount+0x199/0x1c9\\n[  419.971397]  do_syscall_64+0xd0/0x135\\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n[  419.972233] RIP: 0033:0x7c3cb812972e\\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\\n---truncated---\"}, {\"lang\": \"es\", \"value\": \"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hfsplus: no consultar el tama\\u00f1o del bloque l\\u00f3gico del dispositivo varias veces Los tama\\u00f1os de bloque de los dispositivos pueden cambiar. Uno de estos casos es un dispositivo de bucle mediante el uso de ioctl LOOP_SET_BLOCK_SIZE. Si bien esto puede causar otros problemas como el rechazo de IO, en el caso de hfsplus, asignar\\u00e1 un bloque utilizando ese tama\\u00f1o y potencialmente escribir\\u00e1 fuera de los l\\u00edmites cuando hfsplus_read_wrapper llame a hfsplus_submit_bio y la \\u00faltima funci\\u00f3n lea un io_size diferente. El uso de un nuevo min_io_size establecido inicialmente en sb_min_blocksize funciona para los prop\\u00f3sitos de la soluci\\u00f3n original, ya que se establecer\\u00e1 en el m\\u00e1ximo entre HFSPLUS_SECTOR_SIZE y el primer tama\\u00f1o de bloque l\\u00f3gico visto. Todav\\u00eda usamos el m\\u00e1ximo entre HFSPLUS_SECTOR_SIZE y min_io_size en caso de que este \\u00faltimo no est\\u00e9 inicializado. Probado montando un sistema de archivos hfsplus con tama\\u00f1os de bloque de bucle 512, 1024 y 4096. El informe KASAN producido antes de la correcci\\u00f3n se ve as\\u00ed: [ 419.944641] ========================================================================= [ 419.945655] ERROR: KASAN: slab-use-after-free en hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Lectura de tama\\u00f1o 2 en la direcci\\u00f3n ffff88800721fc00 por la tarea repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro No contaminado 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Seguimiento de llamadas: [ 419.950384]  [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? puntero+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] \\u00e1rbol_obtenci\\u00f3n_legado+0x104/0x178 [ 419.968414] \\u00e1rbol_obtenci\\u00f3n_vfs+0x86/0x296 [ 419.968751] montaje_ruta+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] montaje_ruta+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] C\\u00f3digo: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncado---\"}]",
      "id": "CVE-2024-56548",
      "lastModified": "2024-12-27T14:15:34.603",
      "published": "2024-12-27T14:15:34.603",
      "references": "[{\"url\": \"https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}, {\"url\": \"https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf\", \"source\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]",
      "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "vulnStatus": "Awaiting Analysis"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-56548\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-12-27T14:15:34.603\",\"lastModified\":\"2025-11-03T21:17:53.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfsplus: don\u0027t query the device logical block size multiple times\\n\\nDevices block sizes may change. One of these cases is a loop device by\\nusing ioctl LOOP_SET_BLOCK_SIZE.\\n\\nWhile this may cause other issues like IO being rejected, in the case of\\nhfsplus, it will allocate a block by using that size and potentially write\\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\\nlatter function reads a different io_size.\\n\\nUsing a new min_io_size initally set to sb_min_blocksize works for the\\npurposes of the original fix, since it will be set to the max between\\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\\ninitialized.\\n\\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\\nand 4096.\\n\\nThe produced KASAN report before the fix looks like this:\\n\\n[  419.944641] ==================================================================\\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\\n[  419.947612]\\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\\n[  419.950035] Call Trace:\\n[  419.950384]  \u003cTASK\u003e\\n[  419.950676]  dump_stack_lvl+0x57/0x78\\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.951830]  print_report+0x14c/0x49e\\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.954231]  kasan_report+0x89/0xb0\\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\\n[  419.958355]  ? hlock_class+0x4c/0x109\\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.959499]  ? __pfx_string+0x10/0x10\\n[  419.960006]  ? lock_acquire+0x3e2/0x454\\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\\n[  419.961799]  ? pointer+0x3f0/0x62f\\n[  419.962277]  ? __pfx_pointer+0x10/0x10\\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\\n[  419.964029]  ? snprintf+0x9d/0xd2\\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\\n[  419.965016]  ? set_blocksize+0x139/0x1c1\\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.966179]  mount_bdev+0x12f/0x1bf\\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\\n[  419.968073]  legacy_get_tree+0x104/0x178\\n[  419.968414]  vfs_get_tree+0x86/0x296\\n[  419.968751]  path_mount+0xba3/0xd0b\\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\\n[  419.970311]  do_mount+0x99/0xe0\\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\\n[  419.971008]  __do_sys_mount+0x199/0x1c9\\n[  419.971397]  do_syscall_64+0xd0/0x135\\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n[  419.972233] RIP: 0033:0x7c3cb812972e\\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\\n---truncated---\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hfsplus: no consultar el tama\u00f1o del bloque l\u00f3gico del dispositivo varias veces Los tama\u00f1os de bloque de los dispositivos pueden cambiar. Uno de estos casos es un dispositivo de bucle mediante el uso de ioctl LOOP_SET_BLOCK_SIZE. Si bien esto puede causar otros problemas como el rechazo de IO, en el caso de hfsplus, asignar\u00e1 un bloque utilizando ese tama\u00f1o y potencialmente escribir\u00e1 fuera de los l\u00edmites cuando hfsplus_read_wrapper llame a hfsplus_submit_bio y la \u00faltima funci\u00f3n lea un io_size diferente. El uso de un nuevo min_io_size establecido inicialmente en sb_min_blocksize funciona para los prop\u00f3sitos de la soluci\u00f3n original, ya que se establecer\u00e1 en el m\u00e1ximo entre HFSPLUS_SECTOR_SIZE y el primer tama\u00f1o de bloque l\u00f3gico visto. Todav\u00eda usamos el m\u00e1ximo entre HFSPLUS_SECTOR_SIZE y min_io_size en caso de que este \u00faltimo no est\u00e9 inicializado. Probado montando un sistema de archivos hfsplus con tama\u00f1os de bloque de bucle 512, 1024 y 4096. El informe KASAN producido antes de la correcci\u00f3n se ve as\u00ed: [ 419.944641] ========================================================================= [ 419.945655] ERROR: KASAN: slab-use-after-free en hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Lectura de tama\u00f1o 2 en la direcci\u00f3n ffff88800721fc00 por la tarea repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro No contaminado 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Seguimiento de llamadas: [ 419.950384]  [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? puntero+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] \u00e1rbol_obtenci\u00f3n_legado+0x104/0x178 [ 419.968414] \u00e1rbol_obtenci\u00f3n_vfs+0x86/0x296 [ 419.968751] montaje_ruta+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] montaje_ruta+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] C\u00f3digo: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u0026lt;48\u0026gt; 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncado---\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.8\",\"versionEndExcluding\":\"4.19.325\",\"matchCriteriaId\":\"D230D81E-7472-4A2F-B9C6-52626B8EC459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.287\",\"matchCriteriaId\":\"E4B15788-D35E-4E5B-A9C0-070AE3729B34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.231\",\"matchCriteriaId\":\"B5C644CC-2BD7-4E32-BC54-8DCC7ABE9935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.174\",\"matchCriteriaId\":\"419FD073-1517-4FD5-8158-F94BC68A1E89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.120\",\"matchCriteriaId\":\"09AC6122-E2A4-40FE-9D33-268A1B2EC265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.64\",\"matchCriteriaId\":\"CA16DEE3-ABEC-4449-9F4A-7A3DC4FC36C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.11.11\",\"matchCriteriaId\":\"21434379-192D-472F-9B54-D45E3650E893\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.12\",\"versionEndExcluding\":\"6.12.2\",\"matchCriteriaId\":\"D8882B1B-2ABC-4838-AC1D-DBDBB5764776\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:49:23.519Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-56548\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-01T20:02:19.622310Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-01T15:41:07.434Z\"}}], \"cna\": {\"title\": \"hfsplus: don\u0027t query the device logical block size multiple times\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"f57725bcc5816425e25218fdf5fb6923bc578cdf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"06cbfbb13ac88f4154c2eb4bc4176f9d10139847\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"3d7bda75e1a6239db053c73acde17ca146317824\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"21900e8478126ff6afe3b66679f676e74d1f8830\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"2667c9b7b76efcbc7adbfea249892f20c313b0da\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"bfeecda050aa9376f642d5b2a71c4112cc6c8216\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"6596528e391ad978a6a120142cba97a1d7324cb6\", \"lessThan\": \"1c82587cb57687de3f18ab4b98a8850c789bedcf\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3.0.8\", \"lessThan\": \"3.1\", \"versionType\": \"semver\"}], \"programFiles\": [\"fs/hfsplus/hfsplus_fs.h\", \"fs/hfsplus/wrapper.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.1\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"3.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"4.19.325\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"4.19.*\"}, {\"status\": \"unaffected\", \"version\": \"5.4.287\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.4.*\"}, {\"status\": \"unaffected\", \"version\": \"5.10.231\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.174\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.120\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.64\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.11.11\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.11.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.2\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.13\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"fs/hfsplus/hfsplus_fs.h\", \"fs/hfsplus/wrapper.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8\"}, {\"url\": \"https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf\"}, {\"url\": \"https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866\"}, {\"url\": \"https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847\"}, {\"url\": \"https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824\"}, {\"url\": \"https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74d1f8830\"}, {\"url\": \"https://git.kernel.org/stable/c/2667c9b7b76efcbc7adbfea249892f20c313b0da\"}, {\"url\": \"https://git.kernel.org/stable/c/bfeecda050aa9376f642d5b2a71c4112cc6c8216\"}, {\"url\": \"https://git.kernel.org/stable/c/1c82587cb57687de3f18ab4b98a8850c789bedcf\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nhfsplus: don\u0027t query the device logical block size multiple times\\n\\nDevices block sizes may change. One of these cases is a loop device by\\nusing ioctl LOOP_SET_BLOCK_SIZE.\\n\\nWhile this may cause other issues like IO being rejected, in the case of\\nhfsplus, it will allocate a block by using that size and potentially write\\nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the\\nlatter function reads a different io_size.\\n\\nUsing a new min_io_size initally set to sb_min_blocksize works for the\\npurposes of the original fix, since it will be set to the max between\\nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the\\nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not\\ninitialized.\\n\\nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024\\nand 4096.\\n\\nThe produced KASAN report before the fix looks like this:\\n\\n[  419.944641] ==================================================================\\n[  419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a\\n[  419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678\\n[  419.947612]\\n[  419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84\\n[  419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\\n[  419.950035] Call Trace:\\n[  419.950384]  \u003cTASK\u003e\\n[  419.950676]  dump_stack_lvl+0x57/0x78\\n[  419.951212]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.951830]  print_report+0x14c/0x49e\\n[  419.952361]  ? __virt_addr_valid+0x267/0x278\\n[  419.952979]  ? kmem_cache_debug_flags+0xc/0x1d\\n[  419.953561]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.954231]  kasan_report+0x89/0xb0\\n[  419.954748]  ? hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955367]  hfsplus_read_wrapper+0x659/0xa0a\\n[  419.955948]  ? __pfx_hfsplus_read_wrapper+0x10/0x10\\n[  419.956618]  ? do_raw_spin_unlock+0x59/0x1a9\\n[  419.957214]  ? _raw_spin_unlock+0x1a/0x2e\\n[  419.957772]  hfsplus_fill_super+0x348/0x1590\\n[  419.958355]  ? hlock_class+0x4c/0x109\\n[  419.958867]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.959499]  ? __pfx_string+0x10/0x10\\n[  419.960006]  ? lock_acquire+0x3e2/0x454\\n[  419.960532]  ? bdev_name.constprop.0+0xce/0x243\\n[  419.961129]  ? __pfx_bdev_name.constprop.0+0x10/0x10\\n[  419.961799]  ? pointer+0x3f0/0x62f\\n[  419.962277]  ? __pfx_pointer+0x10/0x10\\n[  419.962761]  ? vsnprintf+0x6c4/0xfba\\n[  419.963178]  ? __pfx_vsnprintf+0x10/0x10\\n[  419.963621]  ? setup_bdev_super+0x376/0x3b3\\n[  419.964029]  ? snprintf+0x9d/0xd2\\n[  419.964344]  ? __pfx_snprintf+0x10/0x10\\n[  419.964675]  ? lock_acquired+0x45c/0x5e9\\n[  419.965016]  ? set_blocksize+0x139/0x1c1\\n[  419.965381]  ? sb_set_blocksize+0x6d/0xae\\n[  419.965742]  ? __pfx_hfsplus_fill_super+0x10/0x10\\n[  419.966179]  mount_bdev+0x12f/0x1bf\\n[  419.966512]  ? __pfx_mount_bdev+0x10/0x10\\n[  419.966886]  ? vfs_parse_fs_string+0xce/0x111\\n[  419.967293]  ? __pfx_vfs_parse_fs_string+0x10/0x10\\n[  419.967702]  ? __pfx_hfsplus_mount+0x10/0x10\\n[  419.968073]  legacy_get_tree+0x104/0x178\\n[  419.968414]  vfs_get_tree+0x86/0x296\\n[  419.968751]  path_mount+0xba3/0xd0b\\n[  419.969157]  ? __pfx_path_mount+0x10/0x10\\n[  419.969594]  ? kmem_cache_free+0x1e2/0x260\\n[  419.970311]  do_mount+0x99/0xe0\\n[  419.970630]  ? __pfx_do_mount+0x10/0x10\\n[  419.971008]  __do_sys_mount+0x199/0x1c9\\n[  419.971397]  do_syscall_64+0xd0/0x135\\n[  419.971761]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\\n[  419.972233] RIP: 0033:0x7c3cb812972e\\n[  419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48\\n[  419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5\\n[  419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e\\n[  419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI:\\n---truncated---\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"4.19.325\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.4.287\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.231\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.174\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.120\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.64\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.11.11\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.2\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.13\", \"versionStartIncluding\": \"3.1\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.0.8\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-23T15:55:37.481Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-56548\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-23T15:55:37.481Z\", \"dateReserved\": \"2024-12-27T14:03:05.989Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2024-12-27T14:11:29.373Z\", \"assignerShortName\": \"Linux\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.