Out-of-bounds read in Linux kernel - CVE-2024-38599

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Remediation

External links

• https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11
• https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df
• https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8
• https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b
• https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098
• https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb
• https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275
• https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07
• https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12