First published: Sat Jan 11 2025(Updated: )
In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.
Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Software | Affected Version | How to fix |
---|---|---|
Linux Kernel | ||
Linux Kernel | <5.4.287 | |
Linux Kernel | >=5.5<5.10.231 | |
Linux Kernel | >=5.11<5.15.174 | |
Linux Kernel | >=5.16<6.1.120 | |
Linux Kernel | >=6.2<6.6.66 | |
Linux Kernel | >=6.7<6.12.5 | |
debian/linux | <=5.10.223-1 | 5.10.234-1 6.1.129-1 6.1.128-1 6.12.20-1 6.12.21-1 |
debian/linux-6.1 | 6.1.129-1~deb11u1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-57850 is classified as a medium severity vulnerability due to the potential for memory corruption.
To fix CVE-2024-57850, update your Linux kernel to the latest patched version provided by your distribution.
CVE-2024-57850 affects the Linux kernel versions prior to the fix implemented in the latest updates.
CVE-2024-57850 is a memory corruption vulnerability caused by improper bounds checking during the rtime decompression process.
While CVE-2024-57850 primarily impacts kernel memory, exploitation may require local access to the system, making remote exploitation less likely.