Memory Corruption Vulnerability in Linux Kernel's JFFS2 Component
CVE-2024-57850
Currently unrated
Summary
A memory corruption vulnerability exists in the JFFS2 rtime decompression routine of the Linux kernel. The routine does not fully check bounds throughout the decompression pass, so corrupted compressed data can corrupt memory beyond the intended decompression buffer, potentially resulting in unpredictable behavior or system crashes. A recent fix adds the necessary checks to prevent this.
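The class of check the summary describes, shown on a userspace model of an rtime-style decoder. This is an added example, not the kernel's code or the upstream patch; the (value, repeat) pair format as modelled here, the function name rtime_decompress_checked and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Userspace model (assumed format, not kernel code): the input is a series
 * of (value, repeat) byte pairs. Each pair emits `value`, then copies
 * `repeat` bytes starting just after the previous occurrence of `value`.
 * Returns 0 on success, 1 on corrupt or truncated input.
 */
int rtime_decompress_checked(const unsigned char *in, size_t srclen,
                             unsigned char *out, size_t destlen)
{
    size_t positions[256] = {0};
    size_t inpos = 0, outpos = 0;

    while (outpos < destlen) {
        if (srclen - inpos < 2)          /* need a whole (value, repeat) pair */
            return 1;
        unsigned char value = in[inpos++];
        size_t repeat = in[inpos++];
        size_t backoffs = positions[value];

        out[outpos++] = value;           /* literal byte */
        positions[value] = outpos;

        /* Bounds check on every run: it must fit in what is left of `out`. */
        if (repeat > destlen - outpos)
            return 1;

        /* Byte-wise copy, because source and destination may overlap. */
        for (; repeat; repeat--)
            out[outpos++] = out[backoffs++];
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed stream, one with an oversized run. */
    const unsigned char good[] = {'a', 0, 'b', 0, 'a', 1};
    const unsigned char bad[]  = {'a', 200};
    unsigned char out[4];

    printf("good: %d\n", rtime_decompress_checked(good, sizeof(good), out, 4));
    printf("bad:  %d\n", rtime_decompress_checked(bad, sizeof(bad), out, 4));
    return 0;
}
```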
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Timeline
Vulnerability published
Vulnerability Reserved