Out-of-bounds read in Linux kernel jfs



| Updated: 2025-05-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-56597
CWE-ID CWE-125
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU102086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56597

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.10.230

CPE2.3 External links

https://git.kernel.org/stable/c/51a203470f502a64a3da8dcea51c4748e8267a6c
https://git.kernel.org/stable/c/52756a57e978e2706543a254f88f266cc6702f36
https://git.kernel.org/stable/c/6676034aa753aa448beb30dbd75630927ba7cd96
https://git.kernel.org/stable/c/a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d
https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e
https://git.kernel.org/stable/c/c56245baf3fd1f79145dd7408e3ead034b74255c
https://git.kernel.org/stable/c/df7c76636952670b31bd6c12b3aed3c502122273
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.231


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###