LiveActive security incident?Get immediate response
CVE Record

CVE-2024-46744: Squashfs: sanity check symbolic link size

In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875536935 to inode->i_size. 2. Later squashfs_symlink_read_folio() is called, which assigns this corrupted value to the length variable, which being a signed int, overflows producing a negative number. 3. The following loop that fills in the page contents checks that the copied bytes is less than length, which being negative means the loop is skipped, producing an uninitialised page. This patch adds a sanity check which checks that the symbolic link size is not larger than expected. -- V2: fix spelling mistake.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2024-46744 is a Linux kernel Squashfs bug where a corrupted symbolic-link size read from disk can lead the kernel to use uninitialized page data. Business risk is mainly where Linux systems process untrusted or externally supplied Squashfs images.

Executive priority

Treat this as a scheduled kernel maintenance item unless your environment processes untrusted Squashfs images. Prioritize embedded, appliance, recovery-media, and image-processing workflows where malformed filesystem images may cross trust boundaries.

Technical view

The Squashfs symlink reader accepted an oversized symlink length from disk. That value could overflow when stored as a signed integer, skip page population, and leave an uninitialized page later observed in pick_link. Kernel stable commits add a sanity check for symlink size.

Likely exposure

Exposure is most likely on Linux systems running affected kernel versions and mounting or processing Squashfs filesystems. Debian LTS and Siemens advisories indicate downstream vendors tracked related kernel updates, so appliances and embedded Linux estates should verify vendor status.

Exploitation context

The bundle does not show active exploitation, and KEV is false. The reported evidence comes from Syzkaller-style kernel testing. Practical abuse would require a vulnerable kernel to encounter a corrupted Squashfs image with invalid symlink metadata.

Researcher notes

No CVSS, CWE, or exploit confirmation is provided in the bundle. The root cause is validation failure on Squashfs symlink length, producing signed overflow behavior and an uninitialized page. Focus validation on kernel branch fixes and downstream vendor backports.

Mitigation direction

  • Update to a kernel build containing the referenced stable Squashfs fix.
  • Apply Debian LTS or vendor kernel advisories where applicable.
  • Check Siemens product advisories if using affected Siemens platforms.
  • Restrict mounting or processing untrusted Squashfs images until patched.
  • Follow distribution guidance for reboot requirements after kernel updates.

Validation and detection

  • Inventory Linux kernel versions against the CVE affected version list.
  • Confirm deployed kernels include the referenced Squashfs symlink-size sanity check.
  • Review whether systems mount Squashfs images from untrusted sources.
  • Check Debian LTS and vendor advisories for package-level fixed versions.
  • Verify patched systems have rebooted into the updated kernel.
Prepared
Confidence
medium
Sources
12

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2024-46744 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
3ADP providers
13Source links

SSVC decision data

CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: noTechnical Impact: partial

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CISA-ADPCISA ADP Vulnrichment
other:ssvc
CVECVE Program Container
siemens-SADPADP container
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
LinuxLinux6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1, 6545b246a2c815a8fcd07d58240effb6ec3481b1unaffected
LinuxLinux2.6.29, 0, 4.19.322, 5.4.284, 5.10.226, 5.15.167, 6.1.110, 6.6.51, 6.10.10, 6.11affected
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.