SB2024062039 - Out-of-bounds read in Linux kernel jffs2
Published: June 20, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062039
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-38599)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11
- https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df
- https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8
- https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b
- https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098
- https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb
- https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275
- https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07
- https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12