Bug 2293366 (CVE-2024-38599)
Summary: | CVE-2024-38599 kernel: jffs2: prevent xattr node from overflowing the eraseblock | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | unspecified | CC: | dfreiber, drow, jburrell, rkeshri, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | kernel 4.19.316, kernel 5.4.278, kernel 5.10.219, kernel 5.15.161, kernel 6.1.93, kernel 6.6.33, kernel 6.8.12, kernel 6.9.3, kernel 6.10-rc1 | Doc Type: | If docs needed, set a value |
Doc Text: | A vulnerability was found in the Linux kernel in the do_jffs2_setxattr() function where improper checks can lead to an out-of-bounds write error. This can occur when the requested xattr node size is larger than the size allocated by an eraseblock, which causes the xattr node to spill onto the next eraseblock, overwriting the nodes and potentially causing errors. This vulnerability can potentially lead to data corruption or system instability. | | |
Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 2293462 | | |
Description
Patrick Del Bello
2024-06-20 14:28:28 UTC