CVE-2024-42115

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43

Description A vulnerability in the Linux kernel's jffs2 file system has been resolved. The issue was related to a potential illegal address access in the jffs2 free inode function. During stress testing, abnormal printouts were found, indicating a kernel paging request error at a virtual address. The error was caused by the destroy inode process being triggered in the iget locked function, which released the inode and consequently did not initialize the target member of the inode. The fix method is to set the target to NULL in the jffs2 i init once function.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.43 or later. As a temporary workaround, consider disabling the jffs2 file system until a patch is available. However, since the fix is to set the target to NULL in the jffs2 i init once function, applying this patch or updating to a version that includes this fix is the recommended resolution.