PT-2024-33743 · Linux+7 · Linux Kernel+7
Syzbot
·
Published
2024-08-24
·
Updated
2025-05-28
·
CVE-2024-49902
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.58
Description:
A vulnerability in the Linux kernel has been resolved, specifically in the jfs component. The issue arises when the
dmt leafidx is greater than the number of leaves per dmap tree, causing an out-of-bounds error in dbSplit. To address this, a check for dmt leafidx has been added in dbFindLeaf. Additionally, a sanity check has been modified to apply to both control and leaf pages.Recommendations:
For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider applying the modified sanity check to control pages as well as leaf pages, and add a checking for
dmt leafidx in dbFindLeaf to prevent out-of-bounds errors in dbSplit.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu