PT-2024-9786 · Linux+5 · Linux Kernel+5
Published
2024-04-17
·
Updated
2025-03-27
·
CVE-2024-38599
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is related to the jffs2 component of the Linux kernel, where an xattr node can overflow the eraseblock, causing errors and potentially leading to KASAN crashes. This occurs when the requested xattr node size is too large, spilling onto the next eraseblock and overwriting nodes. The Linux Verification Center found this vulnerability using Syzkaller.
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later.
Note: The provided information does not specify distinct recommendations for different affected versions, as the resolution primarily involves updating to a version where the vulnerability has been fixed.
Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu