CVE-2024-57850
jffs2: Prevent rtime decompress memory corruption
In the Linux kernel, the following vulnerability has been resolved:
jffs2: Prevent rtime decompress memory corruption
The rtime decompression routine does not fully check bounds during the
entirety of the decompression pass and can corrupt memory outside the
decompression buffer if the compressed data is corrupted. This adds the
required check to prevent this failure mode.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Linux · LinuxQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5ebhttps://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffehttps://lists.debian.org/debian-lts-announce/2025/03/msg00001.htmlhttps://lists.debian.org/debian-lts-announce/2025/03/msg00002.html