Memory Corruption Vulnerability in Linux Kernel's JFFS2 Component
CVE-2024-57850
7.8 HIGH
Summary
A memory corruption vulnerability exists in the JFFS2 decompression routine of the Linux kernel. The rtime decompression routine does not fully check bounds throughout the decompression pass. If the compressed data is corrupted, this can lead to memory corruption beyond the intended decompression buffer, potentially resulting in unpredictable behavior or system crashes. The fix adds the necessary checks to prevent this failure mode.
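The failure mode described above, as an added example: a user-space model of an rtime-style decoder that validates every step before writing. This is not the kernel's code or the upstream patch; the function name `rtime_decompress_checked`, the (literal, repeat) pair layout as modelled here, and the extra source-length check are assumptions of the example, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* User-space model of an rtime-style decoder: the stream is a sequence of
 * (literal, repeat) byte pairs; "repeat" bytes are copied from the output
 * position recorded the last time the same literal was seen.
 * Returns 0 on success, -1 on truncated input or a run that does not fit. */
int rtime_decompress_checked(const uint8_t *src, size_t srclen,
                             uint8_t *dst, size_t dstlen)
{
    uint16_t positions[256];          /* last output offset per byte value */
    size_t in = 0, out = 0;

    if (dstlen > UINT16_MAX)          /* offsets must fit the 16-bit table */
        return -1;
    memset(positions, 0, sizeof(positions));

    while (out < dstlen) {
        if (srclen - in < 2)          /* need a full (literal, repeat) pair */
            return -1;
        uint8_t value = src[in++];
        uint8_t repeat = src[in++];

        dst[out++] = value;           /* safe: loop condition gives out < dstlen */
        size_t back = positions[value];
        positions[value] = (uint16_t)out;

        if (repeat > dstlen - out)    /* checked on every pass, before writing */
            return -1;
        for (unsigned i = 0; i < repeat; i++)  /* byte copy: ranges may overlap */
            dst[out++] = dst[back++];
    }
    return 0;
}

int main(void)
{
    /* Constructed samples: "good" expands to "aaaab"; "bad" claims a 200-byte run. */
    const uint8_t good[] = { 'a', 3, 'b', 0 }, bad[] = { 'a', 200, 'b', 0 };
    uint8_t page[5];

    printf("good: %d\n", rtime_decompress_checked(good, sizeof(good), page, sizeof(page)));
    printf("bad:  %d\n", rtime_decompress_checked(bad, sizeof(bad), page, sizeof(page)));
    return 0;
}
```

Without the run-length check, the corrupted sample's repeat count of 200 would drive the copy loop past the 5-byte buffer, which is the class of corruption the summary describes.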
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved