{"id":"CVE-2024-42306","summary":"udf: Avoid using corrupted block bitmap buffer","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nudf: Avoid using corrupted block bitmap buffer\n\nWhen the filesystem block bitmap is corrupted, we detect the corruption\nwhile loading the bitmap and fail the allocation with error. However the\nnext allocation from the same bitmap will notice the bitmap buffer is\nalready loaded and tries to allocate from the bitmap with mixed results\n(depending on the exact nature of the bitmap corruption). Fix the\nproblem by using BH_verified bit to indicate whether the bitmap is valid\nor not.","modified":"2026-04-02T12:17:56.451508Z","published":"2024-08-17T09:09:11.938Z","related":["MGASA-2024-0309","MGASA-2024-0310","SUSE-SU-2024:3551-1","SUSE-SU-2024:3559-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3566-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3591-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42306.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2199e157a465aaf98294d3932797ecd7fce942d5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/271cab2ca00652bc984e269cf1208699a1e09cdd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/57053b3bcf3403b80db6f65aba284d7dfe7326af"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6a43e3c210df6c5f00570f4be49a897677dbcb64"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65"},{"type":"WEB","url":"https://git.kernel.org/stable/c/a90d4471146de21745980cba51ce88e7926bcc4f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f8654866ba914"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/42xxx/CVE-2024-42306.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-42306"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"7648ea9896b31aff38830d81188f5b7a1773e4a8"},{"fixed":"cae9e59cc41683408b70b9ab569f8654866ba914"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"4ac54312f623c6d2ca30c36c1ef530c11f5aff64"},{"fixed":"2199e157a465aaf98294d3932797ecd7fce942d5"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"099bf90d7fc4622da9fd4727f6d318a0f12d10be"},{"fixed":"6a43e3c210df6c5f00570f4be49a897677dbcb64"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6ac8f2c8362afd2baa8e7b9c946597589e587d22"},{"fixed":"271cab2ca00652bc984e269cf1208699a1e09cdd"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1e0d4adf17e7ef03281d7b16555e7c1508c8ed2d"},{"fixed":"57053b3bcf3403b80db6f65aba284d7dfe7326af"},{"fixed":"8ca170c39eca7cad6e0cfeb24e351d8f8eddcd65"},{"fixed":"a90d4471146de21745980cba51ce88e7926bcc4f"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"f862a9049c3f6e73a5504a1ac10ffd5bc253ab55"},{"last_affected":"4622cc1b6d86013e01c56b60b092b5e4726c8e52"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-42306.json"}}],"schema_version":"1.7.5"}