CVE-2024-50143
📋 TL;DR
This CVE addresses an uninitialized value vulnerability in the Linux kernel's UDF filesystem driver. An attacker could exploit this to read uninitialized kernel memory, potentially leading to information disclosure or system crashes. All Linux systems using the UDF filesystem driver are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel memory information disclosure leading to privilege escalation or system compromise
Likely Case
Kernel panic or system crash causing denial of service
If Mitigated
No impact if UDF filesystem is not mounted or patch is applied
🎯 Exploit Status
Syzkaller fuzzer discovered the bug. Exploitation requires ability to mount UDF filesystems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Multiple stable kernel versions with commits: 0ce61b1f6b32, 1ac49babc952, 264db9d666ad, 417bd613bdbe, 4fc0d8660e39
Vendor Advisory: https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
Restart Required: Yes
Instructions:
1. Update the Linux kernel to a patched version.
2. Reboot the system.
3. Verify that the running kernel version matches the patched release.
🔧 Temporary Workarounds
Disable UDF module (Linux): prevent the UDF filesystem driver from being loaded. The install override makes modprobe run /bin/true instead of loading the module, so even an explicit load request becomes a no-op. rmmod unloads an already loaded copy and fails while a UDF filesystem is still mounted, so unmount first.
echo 'install udf /bin/true' >> /etc/modprobe.d/disable-udf.conf
rmmod udf
Block UDF mounting (Linux): prevent the driver from being autoloaded when a UDF filesystem is mounted. The entry must use the blacklist keyword; a bare module name in a modprobe.d file is not a valid directive and is ignored. Blacklisting only stops alias-based autoloading, so the install override above is the stronger control, and neither helps when UDF is compiled into the kernel (it then appears in /proc/filesystems with no module to block).
echo 'blacklist udf' >> /etc/modprobe.d/blacklist.conf
🧯 If You Can't Patch
- Restrict UDF filesystem mounting to trusted users only
- Implement strict access controls on /dev/cdrom and other removable media devices
🔍 How to Verify
Check if Vulnerable:
Check whether the UDF module is loaded: lsmod | grep udf
Check Version:
uname -r
Verify Fix Applied:
The fix commit IDs do not appear in /proc/version, so grepping that file for them always reports "not fixed" regardless of the kernel's state. Instead, compare the output of uname -r with the fixed release named in your distribution's advisory (see References), or check the kernel package changelog for one of the commit IDs listed under Official Fix.
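The following POSIX shell audit script is an added example, not part of the advisory or the kernel project. It turns the verification and workaround steps above into repeatable checks: whether the udf module is loaded, whether udf is registered as a filesystem at all (which also catches a built-in driver that no modprobe rule can block), whether a UDF volume is mounted right now, and whether /etc/modprobe.d actually contains an install override or a correctly spelled blacklist line. Every function takes an optional path so it can be exercised against constructed /proc-style files; the defaults are the live locations. The function names, the --run flag and the FINDING/OK output format are this example's own conventions.

```shell
#!/bin/sh
# Added audit helper (not from the advisory). Each check reads a path given
# as its argument, defaulting to the live /proc and /etc locations.

# 0 if the udf module is listed in a /proc/modules-style file.
udf_loaded() {
    grep -q '^udf ' "${1:-/proc/modules}" 2>/dev/null
}

# 0 if udf is registered as a filesystem (loaded or built in), read from a
# /proc/filesystems-style file whose lines look like "nodev<TAB>proc" or
# "<TAB>ext4".
udf_registered() {
    grep -q '[[:space:]]udf$' "${1:-/proc/filesystems}" 2>/dev/null
}

# 0 if any entry in a /proc/mounts-style file has fstype udf (third field).
udf_mounted() {
    awk '$3 == "udf" { found = 1 } END { exit found ? 0 : 1 }' \
        "${1:-/proc/mounts}" 2>/dev/null
}

# 0 if some *.conf in a modprobe.d-style directory carries the advisory's
# "install udf /bin/true" override or a "blacklist udf" line. A bare "udf"
# line is deliberately not accepted: modprobe ignores it.
udf_module_blocked() {
    grep -Eqs '^[[:space:]]*(install[[:space:]]+udf[[:space:]]+/bin/(true|false)|blacklist[[:space:]]+udf)[[:space:]]*$' \
        "${1:-/etc/modprobe.d}"/*.conf
}

# Prints one FINDING per problem and returns 0 only when udf is neither
# loaded, registered nor mounted and module loading is blocked.
# Arguments (all optional): modules-file filesystems-file mounts-file modprobe-dir
udf_audit() {
    rc=0
    if udf_loaded "${1:-/proc/modules}"; then
        echo "FINDING: udf module is loaded"; rc=1
    fi
    if udf_registered "${2:-/proc/filesystems}"; then
        echo "FINDING: udf is registered as a filesystem (loaded or built in)"; rc=1
    fi
    if udf_mounted "${3:-/proc/mounts}"; then
        echo "FINDING: a UDF filesystem is currently mounted"; rc=1
    fi
    if ! udf_module_blocked "${4:-/etc/modprobe.d}"; then
        echo "FINDING: no modprobe.d rule blocks loading of udf"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: udf unavailable and loading blocked"
    return "$rc"
}

# Audit the live host when invoked as: sh udf_audit.sh --run
# (exit status 1 means at least one FINDING was printed).
if [ "${1:-}" = "--run" ]; then
    udf_audit || exit "$?"
fi
```

A non-zero exit from udf_audit is the signal to act on: a "registered but not loaded" result means the driver is built in and only the kernel update removes the exposure, while "no modprobe.d rule" after you believe you applied the workaround usually means the blacklist line was written without the blacklist keyword.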
📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- UDF filesystem mount failures
- System crashes when accessing UDF media
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("UDF" OR "udf") AND ("panic" OR "BUG" OR "Oops")
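For hosts without a SIEM, the same query can be run directly over kernel log text. The script below is an added example, not part of the advisory: it reads dmesg or journalctl -k output on stdin and reports only lines that mention udf and carry a crash marker, so ordinary UDF mount messages are not flagged. It extends the page's marker list (panic, BUG, Oops) with "uninit-value", the prefix KMSAN uses when syzkaller-style uninitialized-read reports are logged; the sample log lines are constructed for the demonstration and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): the page's SIEM query as a shell
# filter over kernel log lines on stdin.

# Print lines that mention udf (any case) and a crash marker. The page's
# markers are panic/BUG/Oops; "uninit-value" is added for KMSAN reports.
udf_log_indicators() {
    grep -i 'udf' | grep -E 'panic|BUG|Oops|uninit-value'
}

# Count of indicator lines; always prints a number, 0 when nothing matched.
count_udf_indicators() {
    n=$(udf_log_indicators | wc -l)
    echo "$((n + 0))"   # arithmetic strips the padding some wc builds emit
}

# Constructed sample log. Line 1 mentions UDF but is a normal mount message,
# line 5 is a crash marker with no udf mention; only lines 3 and 4 should
# be reported.
SAMPLE_KLOG="[   10.120301] UDF-fs: INFO Mounting volume DISC, timestamp 2024/01/01 00:00 (1000)
[   10.555000] EXT4-fs (sda1): mounted filesystem with ordered data mode
[   11.000000] BUG: KMSAN: uninit-value in udf (constructed line)
[   12.000000] Kernel panic - not syncing: Fatal exception in udf
[   13.000000] Oops: 0000 [#1] SMP NOPTI"

# Runs the filter over the constructed sample and prints the match count.
demo() {
    printf '%s\n' "$SAMPLE_KLOG" | count_udf_indicators
}

# Live use:   dmesg | sh udf_klog.sh
# Demo:       sh udf_klog.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo
elif [ ! -t 0 ]; then
    udf_log_indicators
fi
```

Because the second grep is case-sensitive, a line saying "bug" in ordinary text is not reported; that mirrors the page's query, which matches the kernel's upper-case "BUG:" prefix.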
🔗 References
- https://git.kernel.org/stable/c/0ce61b1f6b32df822b59c680cbe8e5ba5d335742
- https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
- https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
- https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2
- https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
- https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b
- https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
- https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html