CVE-2024-40902

HIGH

Linux Kernel - Stack-based Buffer Overflow in JFS Xattr Debug Logging

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log.

References (9)

Core 9

Scores

CVSS v3 7.8
EPSS 0.0032
EPSS Percentile 23.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-120 CWE-121
Status published
Products (27)
linux/Kernel 2.6.12 - 4.19.317linux
linux/Kernel 4.20.0 - 5.4.279linux
linux/Kernel 5.11.0 - 5.15.162linux
linux/Kernel 5.16.0 - 6.1.95linux
linux/Kernel 5.5.0 - 5.10.221linux
linux/Kernel 6.2.0 - 6.6.35linux
linux/Kernel 6.7.0 - 6.9.6linux
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 1e84c9b1838152a87cf453270a5fa75c5037e83a
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 33aecc5799c93d3ee02f853cb94e201f9731f123
... and 17 more
Published Jul 12, 2024
Tracked Since Feb 18, 2026