CVE-2024-49902

jfs: check if leafidx greater than num leaves per dmap tree

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf. Shaggy: Modified sanity check to apply to control pages as well as leaf pages.

5.5
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1 patch
https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792 patch
https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4 patch
https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab patch
https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6 patch
https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582 patch
https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0 patch
https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38 patch
https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32 patch

Frequently Asked Questions

What is the severity of CVE-2024-49902?
CVE-2024-49902 has been scored as a medium severity vulnerability.
How to fix CVE-2024-49902?
To fix CVE-2024-49902, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-49902 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-49902 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-49902?
CVE-2024-49902 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.