CVE-2024-57850
jffs2: Prevent rtime decompress memory corruption
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 jan 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
In the Linux kernel, the following vulnerability has been resolved:
jffs2: Prevent rtime decompress memory corruption
The rtime decompression routine does not fully check bounds during the
entirety of the decompression pass and can corrupt memory outside the
decompression buffer if the compressed data is corrupted. This adds the
required check to prevent this failure mode.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Linux · LinuxReferências
https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5ebhttps://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffehttps://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.html