#VU94296 Buffer overflow in Linux kernel - CVE-2024-40902
Published: July 13, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU94296
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-40902
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ea_get() function in fs/jfs/xattr.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f
- https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a
- https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0
- https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7
- https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123
- https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69
- https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f
- https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35