CVE-2024-56548Out-of-bounds Write in Linux

CWE-787Out-of-bounds Write89 documents8 sources
Severity
7.8HIGHNVD
OSV8.8OSV5.5OSV4.7
EPSS
0.0%
top 94.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
LinuxLinux KernelDebian Linux+2 more
Timeline
PublishedDec 27
Latest updateMar 24

Description

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_s

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

NVDlinux/linux_kernel3.0.84.19.325+7
Debianlinux/linux_kernel< 5.10.234-1+3
Ubuntulinux/linux_kernel< 5.4.0-211.231+5
CVEListV5linux/linux6596528e391ad978a6a120142cba97a1d7324cb6baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8+10
debiandebian/linux< linux 6.1.123-1 (bookworm)

Patches

Patch: git.kernel.orgPatch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

44
OSV
linux-azure, linux-azure-4.15 vulnerabilities2026-03-24
OSV
linux-azure vulnerabilities2026-03-24
OSV
linux-azure-fips vulnerabilities2026-03-24
OSV
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities2026-03-20
OSV
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities2026-03-20

📋Vendor Advisories

44
Ubuntu
Linux kernel (Azure FIPS) vulnerabilities2026-03-24
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-24
Ubuntu
Linux kernel (Azure) vulnerabilities2026-03-24
Ubuntu
Linux kernel (FIPS) vulnerabilities2026-03-20
Ubuntu
Linux kernel vulnerabilities2026-03-20