CVE-2024-57850: jffs2: Prevent rtime decompress memory corruption
First published: Sat Jan 11 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linux Kernel | ||
| Linux Kernel | <5.4.287 | |
| Linux Kernel | >=5.5<5.10.231 | |
| Linux Kernel | >=5.11<5.15.174 | |
| Linux Kernel | >=5.16<6.1.120 | |
| Linux Kernel | >=6.2<6.6.66 | |
| Linux Kernel | >=6.7<6.12.5 | |
| debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
| debian/linux-6.1 | 6.1.129-1~deb11u1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
- https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332
- https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb
- https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0
- https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1
- https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716
- https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-57850
- https://nvd.nist.gov/vuln/detail/CVE-2024-57850
- https://launchpad.net/bugs/cve/CVE-2024-57850
- https://security-tracker.debian.org/tracker/CVE-2024-57850
- https://ubuntu.com/security/CVE-2024-57850
- https://git.kernel.org/linus/fe051552f5078fa02d593847529a3884305a6ffe
Frequently Asked Questions
What is the severity of CVE-2024-57850?
CVE-2024-57850 is classified as a medium severity vulnerability due to the potential for memory corruption.
How do I fix CVE-2024-57850?
To fix CVE-2024-57850, update your Linux kernel to the latest patched version provided by your distribution.
What systems are affected by CVE-2024-57850?
CVE-2024-57850 affects the Linux kernel versions prior to the fix implemented in the latest updates.
What type of vulnerability is CVE-2024-57850?
CVE-2024-57850 is a memory corruption vulnerability caused by improper bounds checking during the rtime decompression process.
Can CVE-2024-57850 be exploited remotely?
While CVE-2024-57850 primarily impacts kernel memory, exploitation may require local access to the system, making remote exploitation less likely.
- agent/title
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/severity
- agent/remedy
- agent/weakness
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- collector/launchpad-cve
- source/Launchpad
- agent/references
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- vendor/linux
- canonical/linux kernel
- version/linux kernel/5.5
- version/linux kernel/5.11
- version/linux kernel/5.16
- version/linux kernel/6.2
- version/linux kernel/6.7
- package-manager/debian