Unrated severityNVD Advisory· Published Dec 24, 2024· Updated Oct 1, 2025

exfat: fix out-of-bounds access of directory entries

CVE-2024-53147

Description

In the Linux kernel, the following vulnerability has been resolved:

In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption.

This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty.

Affected products

147

Linux/Linux Kernel Rtllm-fuzzy
Linux/exfatllm-fuzzy
osv-coords144 versions
pkg:deb/ubuntu/linux@6.11.0-18.18?arch=source&distro=oracular pkg:deb/ubuntu/linux-aws@6.11.0-1009.10?arch=source&distro=oracular pkg:deb/ubuntu/linux-azure@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-gcp@6.11.0-1009.9?arch=source&distro=oracular pkg:deb/ubuntu/linux-lowlatency@6.11.0-1010.11?arch=source&distro=oracular pkg:deb/ubuntu/linux-oracle@6.11.0-1011.12?arch=source&distro=oracular pkg:deb/ubuntu/linux-raspi@6.11.0-1008.8?arch=source&distro=oracular pkg:deb/ubuntu/linux-realtime@6.11.0-1005.5?arch=source&distro=oracular pkg:rpm/almalinux/kernel pkg:rpm/almalinux/kernel-64k pkg:rpm/almalinux/kernel-64k-core pkg:rpm/almalinux/kernel-64k-debug pkg:rpm/almalinux/kernel-64k-debug-core pkg:rpm/almalinux/kernel-64k-debug-devel pkg:rpm/almalinux/kernel-64k-debug-devel-matched pkg:rpm/almalinux/kernel-64k-debug-modules pkg:rpm/almalinux/kernel-64k-debug-modules-core pkg:rpm/almalinux/kernel-64k-debug-modules-extra pkg:rpm/almalinux/kernel-64k-devel pkg:rpm/almalinux/kernel-64k-devel-matched pkg:rpm/almalinux/kernel-64k-modules pkg:rpm/almalinux/kernel-64k-modules-core pkg:rpm/almalinux/kernel-64k-modules-extra pkg:rpm/almalinux/kernel-abi-stablelists pkg:rpm/almalinux/kernel-core pkg:rpm/almalinux/kernel-cross-headers pkg:rpm/almalinux/kernel-debug pkg:rpm/almalinux/kernel-debug-core pkg:rpm/almalinux/kernel-debug-devel pkg:rpm/almalinux/kernel-debug-devel-matched pkg:rpm/almalinux/kernel-debug-modules pkg:rpm/almalinux/kernel-debug-modules-core pkg:rpm/almalinux/kernel-debug-modules-extra pkg:rpm/almalinux/kernel-debug-uki-virt pkg:rpm/almalinux/kernel-devel pkg:rpm/almalinux/kernel-devel-matched pkg:rpm/almalinux/kernel-doc pkg:rpm/almalinux/kernel-headers pkg:rpm/almalinux/kernel-modules pkg:rpm/almalinux/kernel-modules-core pkg:rpm/almalinux/kernel-modules-extra pkg:rpm/almalinux/kernel-modules-extra-matched pkg:rpm/almalinux/kernel-rt pkg:rpm/almalinux/kernel-rt-64k pkg:rpm/almalinux/kernel-rt-64k-core pkg:rpm/almalinux/kernel-rt-64k-debug pkg:rpm/almalinux/kernel-rt-64k-debug-core pkg:rpm/almalinux/kernel-rt-64k-debug-devel pkg:rpm/almalinux/kernel-rt-64k-debug-modules pkg:rpm/almalinux/kernel-rt-64k-debug-modules-core pkg:rpm/almalinux/kernel-rt-64k-debug-modules-extra pkg:rpm/almalinux/kernel-rt-64k-devel pkg:rpm/almalinux/kernel-rt-64k-modules pkg:rpm/almalinux/kernel-rt-64k-modules-core pkg:rpm/almalinux/kernel-rt-64k-modules-extra pkg:rpm/almalinux/kernel-rt-core pkg:rpm/almalinux/kernel-rt-debug pkg:rpm/almalinux/kernel-rt-debug-core pkg:rpm/almalinux/kernel-rt-debug-devel pkg:rpm/almalinux/kernel-rt-debug-modules pkg:rpm/almalinux/kernel-rt-debug-modules-core pkg:rpm/almalinux/kernel-rt-debug-modules-extra pkg:rpm/almalinux/kernel-rt-devel pkg:rpm/almalinux/kernel-rt-modules pkg:rpm/almalinux/kernel-rt-modules-core pkg:rpm/almalinux/kernel-rt-modules-extra pkg:rpm/almalinux/kernel-tools pkg:rpm/almalinux/kernel-tools-libs pkg:rpm/almalinux/kernel-tools-libs-devel pkg:rpm/almalinux/kernel-uki-virt pkg:rpm/almalinux/kernel-uki-virt-addons pkg:rpm/almalinux/kernel-zfcpdump pkg:rpm/almalinux/kernel-zfcpdump-core pkg:rpm/almalinux/kernel-zfcpdump-devel pkg:rpm/almalinux/kernel-zfcpdump-devel-matched pkg:rpm/almalinux/kernel-zfcpdump-modules pkg:rpm/almalinux/kernel-zfcpdump-modules-core pkg:rpm/almalinux/kernel-zfcpdump-modules-extra pkg:rpm/almalinux/libperf pkg:rpm/almalinux/perf pkg:rpm/almalinux/python3-perf pkg:rpm/almalinux/rtla pkg:rpm/almalinux/rv pkg:rpm/opensuse/dtb-aarch64&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-64kb&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-docs&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-kvmsmall&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-obs-qa&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-source-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-azure&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-syms-rt&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/kernel-zfcpdump&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_6&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_6&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-source-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Micro%206.1 pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6 pkg:rpm/suse/kernel-syms-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP6 pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
< 6.11.0-18.18+ 143 more
- (no CPE)range: < 6.11.0-18.18
- (no CPE)range: < 6.11.0-1009.10
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1009.9
- (no CPE)range: < 6.11.0-1010.11
- (no CPE)range: < 6.11.0-1011.12
- (no CPE)range: < 6.11.0-1008.8
- (no CPE)range: < 6.11.0-1005.5
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.12.0-124.8.1.el10_1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2.150600.12.18.4
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.18.coco15sp6.1
- (no CPE)range: < 6.4.0-15061.18.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.2.150600.12.18.4
- (no CPE)range: < 6.4.0-28.1.21.6
- (no CPE)range: < 6.4.0-28.1.21.6
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-3.1
- (no CPE)range: < 1-150600.1.3.2
- (no CPE)range: < 1-150600.13.3.4
- (no CPE)range: < 6.4.0-150600.23.42.2
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.18.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-28.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.8.31.1
- (no CPE)range: < 6.4.0-15061.18.coco15sp6.1
- (no CPE)range: < 6.4.0-150600.23.42.1
- (no CPE)range: < 6.4.0-150600.10.29.1
- (no CPE)range: < 6.4.0-150600.23.42.2
Linux/Linuxcpe-rescue
Range: 5.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000