CVE-2024-57850
jffs2: Prevent rtime decompress memory corruption
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 ene 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
In the Linux kernel, the following vulnerability has been resolved:
jffs2: Prevent rtime decompress memory corruption
The rtime decompression routine does not fully check bounds during the
entirety of the decompression pass and can corrupt memory outside the
decompression buffer if the compressed data is corrupted. This adds the
required check to prevent this failure mode.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Linux · LinuxReferencias
https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5ebhttps://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffehttps://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.html