CVE-2024-49902
N/A
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
jfs: check if leafidx greater than num leaves per dmap tree
syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.
Shaggy: Modified sanity check to apply to control pages as well as leaf pages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d76b9a4c283c7535ae7c7c9b14984e75402951e1 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 35b91f15f44ce3c01eba058ccb864bb04743e792 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 2451e5917c56be45d4add786e2a059dd9c2c37c4 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 25d2a3ff02f22e215ce53355619df10cc5faa7ab | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 058aa89b3318be3d66a103ba7c68d717561e1dc6 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 7fff9a9f866e99931cf6fa260288e55d01626582 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < cb0eb10558802764f07de1dc439c4609e27cb4f0 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4a7bf6a01fb441009a6698179a739957efd88e38 | affected |
| Linux | Linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < d64ff0d2306713ff084d4b09f84ed1a8c75ecc32 | affected |
| Linux | Linux | 2.6.12 | affected |
| Linux | Linux | 0 < 2.6.12 | unaffected |
| Linux | Linux | 4.19.323 <= 4.19.* | unaffected |
| Linux | Linux | 5.4.285 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.227 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.168 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.113 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.55 <= 6.6.* | unaffected |
| Linux | Linux | 6.10.14 <= 6.10.* | unaffected |
| Linux | Linux | 6.11.3 <= 6.11.* | unaffected |
| Linux | Linux | 6.12 <= * | unaffected |
Weaknesses
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
- https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html
Additional References
- https://cert-portal.siemens.com/productcert/html/ssa-265688.html
- https://cert-portal.siemens.com/productcert/html/ssa-355557.html
References
- https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1
- https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792
- https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4
- https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab
- https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6
- https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582
- https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0
- https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38
- https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.