PT-2025-3596 · Linux+7 · Linux Kernel+7
Kinsey Moore · Published 2024-07-23 · Updated 2026-01-29
CVE-2024-57850
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.74
Description
The jffs2 rtime decompression routine does not fully check bounds during decompression. If the compressed data is corrupted, it can corrupt memory outside the decompression buffer.
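The missing check described above, as an added sketch that is not the kernel's own code: a simplified decoder for an rtime-style stream of (literal, repeat) byte pairs that validates each repeat count against the space left in the output buffer before copying. The function name, return codes and sample bytes are assumptions made for this example, and the input-length check is an addition beyond what the description covers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical decoder for an rtime-style stream (not kernel source).
 * Input is (literal, repeat) byte pairs: emit the literal, then copy
 * `repeat` bytes from where the previous occurrence of that literal was
 * followed in the output. Returns 0 on success, -1 on corrupt input. */
int rtime_decode_checked(const uint8_t *in, size_t srclen,
                         uint8_t *out, size_t destlen)
{
    size_t positions[256] = {0}; /* offset just past the last literal of each value */
    size_t pos = 0, outpos = 0;

    while (outpos < destlen) {
        if (srclen - pos < 2)            /* truncated pair (pos <= srclen holds) */
            return -1;
        uint8_t value = in[pos++];
        size_t repeat = in[pos++];
        size_t back = positions[value];

        out[outpos++] = value;
        positions[value] = outpos;

        /* The bounds check: a corrupted repeat count must not be allowed
         * to push outpos past the end of the decompression buffer. */
        if (repeat > destlen - outpos)
            return -1;
        for (; repeat; repeat--)         /* bytewise, source may overlap target */
            out[outpos++] = out[back++];
    }
    return 0;
}

int main(void)
{
    const uint8_t good[] = { 'a', 3, 'b', 0 };  /* constructed: decodes to "aaaab" */
    const uint8_t bad[]  = { 'a', 200 };        /* constructed: repeat overruns 5 bytes */
    uint8_t out[5];

    printf("good: %d\n", rtime_decode_checked(good, sizeof good, out, sizeof out));
    printf("bad:  %d\n", rtime_decode_checked(bad, sizeof bad, out, sizeof out));
    return 0;
}
```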
Recommendations
For versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider restricting the use of the jffs2 file system until a patch is available.
Memory Corruption
Affected Products
Alt Linux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu