CVE-2024-25739

Published: Feb 12, 2024Modified: May 12, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.

Affected (1)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 6.7.4

Related CWEs

CWE-754

Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

References (12)

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9

Source: cve@mitre.org

https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Source: cve@mitre.org

https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/mtd/ubi/vtbl.c?h=v6.6.24&id=d1b505c988b7

Source: cve@mitre.org

https://www.spinics.net/lists/kernel/msg5074816.html

Source: cve@mitre.org

Mailing List

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9