CVE-2024-56598

jfs: array-index-out-of-bounds fix in dtReadFirst

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948 patch
https://git.kernel.org/stable/c/8c97a4d5463a1c972ef576ac499ea9b05f956097 patch
https://git.kernel.org/stable/c/823d573f5450ca6be80b36f54d1902ac7cd23fb9 patch
https://git.kernel.org/stable/c/2eea5fda5556ef03defebf07b0a12fcd2c5210f4 patch
https://git.kernel.org/stable/c/fd993b2180b4c373af8b99aa28d4dcda5c2a8f10 patch
https://git.kernel.org/stable/c/22dcbf7661c6ffc3247978c254dc40b833a0d429 patch
https://git.kernel.org/stable/c/ca84a2c9be482836b86d780244f0357e5a778c46 patch

Frequently Asked Questions

What is the severity of CVE-2024-56598?
CVE-2024-56598 has been scored as a high severity vulnerability.
How to fix CVE-2024-56598?
To fix CVE-2024-56598, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-56598 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-56598 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-56598?
CVE-2024-56598 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.