Memory Corruption Vulnerability in Linux Kernel's JFFS2 Component
CVE-2024-57850

7.8HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 11 January 2025

Summary

A memory corruption vulnerability exists in the JFFS2 decompression routine of the Linux kernel. The issue arises because the rtime decompression process lacks comprehensive bounds checking throughout the decompression phase. If compressed data is corrupted, this can lead to memory corruption beyond the intended decompression buffer, potentially resulting in unpredictable behavior or system crashes. A recent fix has been implemented to introduce necessary checks to prevent this security risk.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

References

https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f...

https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a...

https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 11, 2025
Vulnerability Reserved
Jan 11, 2025