PT-2024-33741 · Linux+7 · Linux Kernel+7
Syzbot
·
Published
2024-09-04
·
Updated
2025-05-28
·
CVE-2024-49900
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A vulnerability in the Linux kernel has been resolved, related to an uninit-value access of
new ea in ea buffer. The issue was reported by syzbot, which found that lzo1x 1 do compress was using an uninit-value. The problem occurred because ea buf->new ea was not initialized properly. The fix involves using memset to empty the content of ea buf at the beginning of ea get().Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the
jfs file system until the update is applied.Exploit
Fix
Use of Uninitialized Resource
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu