CVE-2024-56596

jfs: fix array-index-out-of-bounds in jfs_readdir

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc patch
https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c patch
https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4 patch
https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05 patch
https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c patch
https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368 patch
https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e patch

Frequently Asked Questions

What is the severity of CVE-2024-56596?
CVE-2024-56596 has been scored as a high severity vulnerability.
How to fix CVE-2024-56596?
To fix CVE-2024-56596, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56596 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56596 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56596?
CVE-2024-56596 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.