CVE-2024-49902

Summary

In the Linux kernel, the following vulnerability has been resolved:

jfs: check if leafidx greater than num leaves per dmap tree

syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.

Shaggy: Modified sanity check to apply to control pages as well as leaf pages.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d76b9a4c283c7535ae7c7c9b14984e75402951e1affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35b91f15f44ce3c01eba058ccb864bb04743e792affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2451e5917c56be45d4add786e2a059dd9c2c37c4affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 25d2a3ff02f22e215ce53355619df10cc5faa7abaffected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 058aa89b3318be3d66a103ba7c68d717561e1dc6affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7fff9a9f866e99931cf6fa260288e55d01626582affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cb0eb10558802764f07de1dc439c4609e27cb4f0affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4a7bf6a01fb441009a6698179a739957efd88e38affected
LinuxLinux1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d64ff0d2306713ff084d4b09f84ed1a8c75ecc32affected
LinuxLinux2.6.12affected
LinuxLinux0 < 2.6.12unaffected
LinuxLinux4.19.323 <= 4.19.*unaffected
LinuxLinux5.4.285 <= 5.4.*unaffected
LinuxLinux5.10.227 <= 5.10.*unaffected
LinuxLinux5.15.168 <= 5.15.*unaffected
LinuxLinux6.1.113 <= 6.1.*unaffected
LinuxLinux6.6.55 <= 6.6.*unaffected
LinuxLinux6.10.14 <= 6.10.*unaffected
LinuxLinux6.11.3 <= 6.11.*unaffected
LinuxLinux6.12 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References