{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50013", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-10-21T12:17:06.061Z", "datePublished": "2024-10-21T18:54:05.089Z", "dateUpdated": "2024-12-19T09:31:17.449Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:31:17.449Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, 'bh' will not be released and reassigned, which\nwill cause a memory leak."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/exfat/balloc.c"], "versions": [{"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "f692160d3e1e5450605071b8df8f7d08d9b09a83", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "4e1813e52f86eb8db0c6c9570251f2fcbc571f5d", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "bf0b3b35259475d1fe377bcaa565488e26684f7a", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "dca359db1eb37f334267ebd7e3cab9a66d191d5b", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "89081e8407e637463db5880d168e3652fb9f4330", "status": "affected", "versionType": "git"}, {"version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "d2b537b3e533f28e0d97293fe9293161fe8cd137", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["fs/exfat/balloc.c"], "versions": [{"version": "5.7", "status": "affected"}, {"version": "0", "lessThan": "5.7", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.227", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.168", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.113", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.55", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.14", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11.3", "lessThanOrEqual": "6.11.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "references": [{"url": "https://git.kernel.org/stable/c/f692160d3e1e5450605071b8df8f7d08d9b09a83"}, {"url": "https://git.kernel.org/stable/c/ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63"}, {"url": "https://git.kernel.org/stable/c/4e1813e52f86eb8db0c6c9570251f2fcbc571f5d"}, {"url": "https://git.kernel.org/stable/c/bf0b3b35259475d1fe377bcaa565488e26684f7a"}, {"url": "https://git.kernel.org/stable/c/dca359db1eb37f334267ebd7e3cab9a66d191d5b"}, {"url": "https://git.kernel.org/stable/c/89081e8407e637463db5880d168e3652fb9f4330"}, {"url": "https://git.kernel.org/stable/c/d2b537b3e533f28e0d97293fe9293161fe8cd137"}], "title": "exfat: fix memory leak in exfat_load_bitmap()", "x_generator": {"engine": "bippy-5f407fcff5a0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:28:23.211214Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:48.436Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50013", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-22T13:28:23.211214Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T13:28:26.292Z"}}], "cna": {"title": "exfat: fix memory leak in exfat_load_bitmap()", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "f692160d3e1e5450605071b8df8f7d08d9b09a83", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "4e1813e52f86eb8db0c6c9570251f2fcbc571f5d", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "bf0b3b35259475d1fe377bcaa565488e26684f7a", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "dca359db1eb37f334267ebd7e3cab9a66d191d5b", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "89081e8407e637463db5880d168e3652fb9f4330", "versionType": "git"}, {"status": "affected", "version": "1e49a94cf707204b66a3fb242f2814712c941f52", "lessThan": "d2b537b3e533f28e0d97293fe9293161fe8cd137", "versionType": "git"}], "programFiles": ["fs/exfat/balloc.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.7"}, {"status": "unaffected", "version": "0", "lessThan": "5.7", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.227", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.168", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.113", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.55", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.14", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11.3", "versionType": "semver", "lessThanOrEqual": "6.11.*"}, {"status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["fs/exfat/balloc.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/f692160d3e1e5450605071b8df8f7d08d9b09a83"}, {"url": "https://git.kernel.org/stable/c/ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63"}, {"url": "https://git.kernel.org/stable/c/4e1813e52f86eb8db0c6c9570251f2fcbc571f5d"}, {"url": "https://git.kernel.org/stable/c/bf0b3b35259475d1fe377bcaa565488e26684f7a"}, {"url": "https://git.kernel.org/stable/c/dca359db1eb37f334267ebd7e3cab9a66d191d5b"}, {"url": "https://git.kernel.org/stable/c/89081e8407e637463db5880d168e3652fb9f4330"}, {"url": "https://git.kernel.org/stable/c/d2b537b3e533f28e0d97293fe9293161fe8cd137"}], "x_generator": {"engine": "bippy-5f407fcff5a0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, 'bh' will not be released and reassigned, which\nwill cause a memory leak."}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2024-12-19T09:31:17.449Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50013", "state": "PUBLISHED", "dateUpdated": "2024-12-19T09:31:17.449Z", "dateReserved": "2024-10-21T12:17:06.061Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-10-21T18:54:05.089Z", "assignerShortName": "Linux"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E992DF81-0B1D-4EEA-8F9E-DCB1FE218301", "versionEndExcluding": "5.10.227", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C", "versionEndExcluding": "5.15.168", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE", "versionEndExcluding": "6.1.113", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0", "versionEndExcluding": "6.6.55", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021", "versionEndExcluding": "6.10.14", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9", "versionEndExcluding": "6.11.3", "versionStartIncluding": "6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix memory leak in exfat_load_bitmap()\n\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, 'bh' will not be released and reassigned, which\nwill cause a memory leak."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: exfat: corrige p\u00e9rdida de memoria en exfat_load_bitmap() Si la primera entrada de directorio en el directorio ra\u00edz no es una entrada de directorio de mapa de bits, 'bh' no se liberar\u00e1 ni se reasignar\u00e1, lo que provocar\u00e1 una p\u00e9rdida de memoria."}], "id": "CVE-2024-50013", "lastModified": "2024-10-25T19:49:36.863", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-21T19:15:04.767", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4e1813e52f86eb8db0c6c9570251f2fcbc571f5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89081e8407e637463db5880d168e3652fb9f4330"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bf0b3b35259475d1fe377bcaa565488e26684f7a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/d2b537b3e533f28e0d97293fe9293161fe8cd137"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/dca359db1eb37f334267ebd7e3cab9a66d191d5b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/ddf704c2ce3b73f38d2dd8cf1bb0f7ec038bdf63"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f692160d3e1e5450605071b8df8f7d08d9b09a83"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: exfat: fix memory leak in exfat_load_bitmap()", "id": "2320454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320454"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nexfat: fix memory leak in exfat_load_bitmap()\nIf the first directory entry in the root directory is not a bitmap\ndirectory entry, 'bh' will not be released and reassigned, which\nwill cause a memory leak."], "name": "CVE-2024-50013", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-50013\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-50013\nhttps://lore.kernel.org/linux-cve-announce/2024102110-CVE-2024-50013-05ef@gregkh/T"], "threat_severity": "Moderate"}