CVE-2024-57850

jffs2: Prevent rtime decompress memory corruption

Description

In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.

Category

7.8
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.04%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 patch
https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332 patch
https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb patch
https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0 patch
https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1 patch
https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716 patch
https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe patch

Frequently Asked Questions

What is the severity of CVE-2024-57850?
CVE-2024-57850 has been scored as a high severity vulnerability.
How to fix CVE-2024-57850?
To fix CVE-2024-57850, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-57850 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-57850 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-57850?
CVE-2024-57850 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.