CVE-2024-53147: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53147 addresses an out-of-bounds access vulnerability in the exFAT file system implementation of the Linux kernel. The vulnerability was discovered and disclosed on December 24, 2024. The issue affects the directory entry handling in the exFAT file system module (NVD).

The vulnerability occurs when the directory size is greater than or equal to the cluster size, and the start_clu becomes an EOF cluster (an invalid cluster) due to file system corruption. In this scenario, the directory entry where ei->hint_femp.eidx hint is located falls outside the directory boundaries, resulting in an out-of-bounds access. The issue has been assigned a CVSS v3.1 score of 4.7 (AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H) indicating moderate severity (Red Hat).

The vulnerability can lead to out-of-bounds access, which may cause further file system corruption. This primarily affects systems with mounted exFAT file systems and could potentially result in system instability or data corruption (Kernel Commit).

A patch has been implemented that adds a check for start_clu. If an invalid cluster is detected, the file or directory will be treated as empty, preventing the out-of-bounds access. As a temporary workaround, users can prevent the exfat module from being loaded. For systems where the vulnerability is a concern, administrators can blacklist the kernel module to prevent it from loading automatically (Red Hat).