SB2024072939 - Input validation error in Linux kernel jfs

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-41017)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __jfs_getxattr() and jfs_listxattr() functions in fs/jfs/xattr.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746
• https://git.kernel.org/stable/c/fc16776a82e8df97b6c4f9a10ba95aa44cef7ba5
• https://git.kernel.org/stable/c/6386f1b6a10e5d1ddd03db4ff6dfc55d488852ce
• https://git.kernel.org/stable/c/7e21574195a45fc193555fa40e99fed16565ff7e
• https://git.kernel.org/stable/c/4e034f7e563ab723b93a59980e4a1bb33198ece8
• https://git.kernel.org/stable/c/17440dbc66ab98b410514b04987f61deedb86751
• https://git.kernel.org/stable/c/f4435f476b9bf059cd9e26a69f5b29c768d00375
• https://git.kernel.org/stable/c/dbde7bc91093fa9c2410e418b236b70fde044b73
• https://git.kernel.org/stable/c/d0fa70aca54c8643248e89061da23752506ec0d4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.319
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.223
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.164
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.281
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.102
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.43