{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2024-35807","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-05-17T12:19:12.342Z","datePublished":"2024-05-17T13:23:14.869Z","dateUpdated":"2026-05-12T11:52:08.068Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T20:11:24.344Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix corruption during on-line resize\n\nWe observed a corruption during on-line resize of a file system that is\nlarger than 16 TiB with 4k block size. With having more then 2^32 blocks\nresize_inode is turned off by default by mke2fs. The issue can be\nreproduced on a smaller file system for convenience by explicitly\nturning off resize_inode. An on-line resize across an 8 GiB boundary (the\nsize of a meta block group in this setup) then leads to a corruption:\n\n  dev=/dev/<some_dev> # should be >= 16 GiB\n  mkdir -p /corruption\n  /sbin/mke2fs -t ext4 -b 4096 -O ^resize_inode $dev $((2 * 2**21 - 2**15))\n  mount -t ext4 $dev /corruption\n\n  dd if=/dev/zero bs=4096 of=/corruption/test count=$((2*2**21 - 4*2**15))\n  sha1sum /corruption/test\n  # 79d2658b39dcfd77274e435b0934028adafaab11  /corruption/test\n\n  /sbin/resize2fs $dev $((2*2**21))\n  # drop page cache to force reload the block from disk\n  echo 1 > /proc/sys/vm/drop_caches\n\n  sha1sum /corruption/test\n  # 3c2abc63cbf1a94c9e6977e0fbd72cd832c4d5c3  /corruption/test\n\n2^21 = 2^15*2^6 equals 8 GiB whereof 2^15 is the number of blocks per\nblock group and 2^6 are the number of block groups that make a meta\nblock group.\n\nThe last checksum might be different depending on how the file is laid\nout across the physical blocks. The actual corruption occurs at physical\nblock 63*2^15 = 2064384 which would be the location of the backup of the\nmeta block group's block descriptor. During the on-line resize the file\nsystem will be converted to meta_bg starting at s_first_meta_bg which is\n2 in the example - meaning all block groups after 16 GiB. However, in\next4_flex_group_add we might add block groups that are not part of the\nfirst meta block group yet. In the reproducer we achieved this by\nsubstracting the size of a whole block group from the point where the\nmeta block group would start. This must be considered when updating the\nbackup block group descriptors to follow the non-meta_bg layout. The fix\nis to add a test whether the group to add is already part of the meta\nblock group or not."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/resize.c"],"versions":[{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"75cc31c2e7193b69f5d25650bda5bb42ed92f8a1","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"ee4e9c1976147a850f6085a13fca95bcaa00d84c","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"e8e8b197317228b5089ed9e7802dadf3ccaa027a","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"239c669edb2bffa1aa2612519b1d438ab35d6be6","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"fb1088d51bbaa0faec5a55d4f5818a9ab79e24df","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"37b6a3ba793bbbae057f5b991970ebcc52cb3db5","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"b461910af8ba3bed80f48c2bf852686d05c6fc5c","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"722d2c01b8b108f8283d1b7222209d5b2a5aa7bd","status":"affected","versionType":"git"},{"version":"01f795f9e0d67adeccc61a8b20c28acb45fa5fd8","lessThan":"a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["fs/ext4/resize.c"],"versions":[{"version":"3.7","status":"affected"},{"version":"0","lessThan":"3.7","status":"unaffected","versionType":"semver"},{"version":"4.19.312","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.274","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.215","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.154","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.84","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.24","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.7.12","lessThanOrEqual":"6.7.*","status":"unaffected","versionType":"semver"},{"version":"6.8.3","lessThanOrEqual":"6.8.*","status":"unaffected","versionType":"semver"},{"version":"6.9","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"4.19.312"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.10.215"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"5.15.154"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.1.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.6.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.7.12"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.8.3"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.7","versionEndExcluding":"6.9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1"},{"url":"https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c"},{"url":"https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a"},{"url":"https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6"},{"url":"https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df"},{"url":"https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5"},{"url":"https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c"},{"url":"https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd"},{"url":"https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc"}],"title":"ext4: fix corruption during on-line resize","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-12T15:25:51.499528Z","id":"CVE-2024-35807","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-12T15:26:07.895Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T03:21:47.537Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html","tags":["x_transferred"]}]},{"x_adpType":"supplier","providerMetadata":{"orgId":"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e","shortName":"siemens-SADP","dateUpdated":"2026-05-12T11:52:08.068Z"},"affected":[{"vendor":"Siemens","product":"SIMATIC S7-1500 TM MFP - GNU/Linux subsystem","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"},{"vendor":"Siemens","product":"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP","versions":[{"status":"affected","version":"V3.1.0","lessThan":"V3.1.5","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-398330.html"},{"url":"https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}]}]},"dataVersion":"5.2"}