PT-2024-6604 · Linux+6 · Linux Kernel+6

Published

2024-06-04

·

Updated

2025-09-29

·

CVE-2024-40902

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The issue is related to a buffer overflow in the jfs file system's xattr functionality. When an xattr size is not as expected, it is printed out to the kernel log in hex format for debugging purposes. However, if the xattr size is larger than expected, printing it can cause an access off the end of the buffer. This is fixed by properly restricting the size of the debug hex dump in the kernel log. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-120

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-10855
ALT-PU-2024-11524
ALT-PU-2024-12537
ALT-PU-2024-13979
ALT-PU-2024-14046
ALT-PU-2024-9967
AZL-47002
BDU:2024-07751
CVE-2024-40902
DLA-4008-1
DSA-5730-1
DSA-5731-1
OESA-2024-1963
OESA-2024-2028
OESA-2024-2029
OESA-2024-2031
OPENSUSE-SU-2024_2947-1
SUSE-SU-2024:2894-1
SUSE-SU-2024:2902-1
SUSE-SU-2024:2929-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2947-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3617-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-6999-1
USN-6999-2
USN-7003-1
USN-7003-2
USN-7003-3
USN-7003-4
USN-7003-5
USN-7004-1
USN-7005-1
USN-7005-2
USN-7006-1
USN-7007-1
USN-7007-2
USN-7007-3
USN-7008-1
USN-7009-1
USN-7009-2
USN-7019-1
USN-7028-1
USN-7028-2
USN-7029-1
USN-7039-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu