CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media

Published Aug 17, 2024
·
Updated

block: initialize integrity buffer to zero before writing it to media

Affected Software

13 affected componentsFixes available
Linux Linux kernel>=2.6.27<5.15.165
Linux Linux kernel>=5.16<6.1.103
Linux Linux kernel>=6.2<6.6.44
Linux Linux kernel>=6.7<6.10.3
debian/linux<=5.10.223-1
5.10.234-16.1.129-16.1.135-16.12.25-16.12.27-1
debian/linux-6.1
6.1.129-1~deb11u1
IBM Security Verify Governance<=ISVG 10.0.2
IBM Security Verify Governance - Identity Manager virtual appliance component<=ISVG 10.0.2
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft azl3 kernel 6.6.43.1-7
Patch available
Microsoft cbl2 kernel 5.15.164.1-1
Patch available
Microsoft azl3 kernel 6.6.47.1-1
Patch available
Microsoft cbl2 kernel 5.15.167.1-1
Patch available

Remediation

Patch Available

https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644

Patch Available

https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f

Patch Available

https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2

Patch Available

https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1

Patch Available

https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00

Event History

Aug 17, 2024
CVE Published
via MITRE·09:22 AM
Data Sourced
via MITRE·09:22 AM
Description
Data Sourced
via NVD·10:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Sep 11, 2024
Data Sourced
via Microsoft·07:00 AM
DescriptionSeverityWeakness
Data Sourced
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
Affected Software
Updated
via Microsoft·07:00 AM
SeverityAffected Software
Updated
via Microsoft·07:00 AM
DescriptionSeverity
Apr 27, 2025
Data Sourced
via Ubuntu·12:34 AM
RemedyDescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-43854?

The severity of CVE-2024-43854 is high due to the potential for uninitialized kernel memory being written to media.

2

How do I fix CVE-2024-43854?

To fix CVE-2024-43854, ensure that your Linux kernel is updated to version 5.10.226-1 or higher, 6.1.123-1 or higher, or another appropriate remedied version.

3

Which versions of Linux are affected by CVE-2024-43854?

CVE-2024-43854 affects Linux kernel versions prior to 5.10.226-1, 6.1.123-1, and several other versions specified in the remedy.

4

What types of systems are vulnerable to CVE-2024-43854?

Systems running vulnerable versions of the Linux kernel as specified in the remedy section are susceptible to CVE-2024-43854.

5

Is there a permanent solution for CVE-2024-43854?

The permanent solution for CVE-2024-43854 is to upgrade your Linux kernel to a version that includes the patch for this vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203