CVE-2024-57850

HIGH

Linux Kernel - Out-of-bounds Write in JFFS2 rtime Decompression

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved:

jffs2: Prevent rtime decompress memory corruption

The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted.

This adds the required check to prevent this failure mode.

Scores

CVSS v3 7.8
EPSS 0.0022
EPSS Percentile 12.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (23)
linux/Kernel 2.6.12 - 5.4.287
linux/Kernel 5.11.0 - 5.15.174
linux/Kernel 5.16.0 - 6.1.120
linux/Kernel 5.5.0 - 5.10.231
linux/Kernel 6.2.0 - 6.6.66
linux/Kernel 6.7.0 - 6.12.5
Linux/Linux < 2.6.12
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0
Linux/Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 6808a1812a3419542223e7fe9e2de577e99e45d1
... and 13 more
Published Jan 11, 2025
Tracked Since Feb 18, 2026