← Back to CVE List

CVE-2024-42084

Published: 2024-07-29T17:15Z
Last Modified: 2024-11-21T09:33Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt