Linux Kernel up to 6.1.102/6.6.43/6.10.2 ext4_ext_determine_insert_hole integer overflow

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.5 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in Linux Kernel up to 6.1.102/6.6.43/6.10.2. This impacts the function ext4_ext_determine_insert_hole. The manipulation leads to integer overflow.
This vulnerability is listed as CVE-2024-43828. There is no available exploit.
It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.1.102/6.6.43/6.10.2. This issue affects the function ext4_ext_determine_insert_hole. The manipulation with an unknown input leads to a integer overflow vulnerability. Using CWE to declare the problem leads to CWE-190. The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Impacted is availability. The summary by CVE is:
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem!
It is possible to read the advisory at git.kernel.org. The identification of this vulnerability is CVE-2024-43828 since 08/17/2024. Technical details of the vulnerability are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 208245 (Debian dla-3912 : ata-modules-5.10.0-29-armmp-di - security update), which helps to determine the existence of the flaw in a target environment.
Upgrading to version 6.1.103, 6.6.44 or 6.10.3 eliminates this vulnerability. Applying the patch 181e63cd595c/c6e67df64783/81f819c537d2/907c3fe53225 is able to eliminate this problem. The bugfix is ready for download at git.kernel.org. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at Tenable (208245) and CERT Bund (WID-SEC-2025-2855). Be aware that VulDB is the high quality source for vulnerability data.
Affected
- IBM DataPower Gateway
- Dell PowerScale OneFS
Product
Type
Vendor
Name
Version
- 6.1.102
- 6.6.0
- 6.6.1
- 6.6.2
- 6.6.3
- 6.6.4
- 6.6.5
- 6.6.6
- 6.6.7
- 6.6.8
- 6.6.9
- 6.6.10
- 6.6.11
- 6.6.12
- 6.6.13
- 6.6.14
- 6.6.15
- 6.6.16
- 6.6.17
- 6.6.18
- 6.6.19
- 6.6.20
- 6.6.21
- 6.6.22
- 6.6.23
- 6.6.24
- 6.6.25
- 6.6.26
- 6.6.27
- 6.6.28
- 6.6.29
- 6.6.30
- 6.6.31
- 6.6.32
- 6.6.33
- 6.6.34
- 6.6.35
- 6.6.36
- 6.6.37
- 6.6.38
- 6.6.39
- 6.6.40
- 6.6.41
- 6.6.42
- 6.6.43
- 6.10.0
- 6.10.1
- 6.10.2
License
Website
- Vendor: https://www.kernel.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.6VulDB Meta Temp Score: 5.5
VulDB Base Score: 5.7
VulDB Temp Score: 5.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 5.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Integer overflowCWE: CWE-190 / CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 208245
Nessus Name: Debian dla-3912 : ata-modules-5.10.0-29-armmp-di - security update
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Kernel 6.1.103/6.6.44/6.10.3
Patch: 181e63cd595c/c6e67df64783/81f819c537d2/907c3fe53225
Timeline
08/17/2024 🔍08/17/2024 🔍
08/17/2024 🔍
01/16/2026 🔍
Sources
Vendor: kernel.orgAdvisory: git.kernel.org
Status: Confirmed
CVE: CVE-2024-43828 (🔍)
GCVE (CVE): GCVE-0-2024-43828
GCVE (VulDB): GCVE-100-274943
CERT Bund: WID-SEC-2025-2855 - IBM DataPower Gateway: Mehrere Schwachstellen
Entry
Created: 08/17/2024 12:32Updated: 01/16/2026 23:38
Changes: 08/17/2024 12:32 (58), 08/19/2024 11:31 (1), 08/22/2024 20:11 (10), 10/08/2024 18:11 (2), 12/16/2025 15:27 (7), 01/16/2026 23:38 (1)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.