CVE-2024-57850: Out-of-bounds Write in Linux

CWE-787: Out-of-bounds Write | 97 documents | 6 sources
Severity
7.8 HIGH NVD | OSV 8.8 | OSV 5.5
EPSS
0.0%
top 94.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 11
Latest update: Jan 29

Description

In the Linux kernel, the following vulnerability has been resolved:

jffs2: Prevent rtime decompress memory corruption

The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (6 packages)

NVD | linux/linux_kernel | 5.5 | 5.10.231 | +5
Debian | linux/linux_kernel | < 5.10.234-1 | +3
Ubuntu | linux/linux_kernel | < 5.4.0-211.231 | +5
CVEListV5 | linux/linux | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 | 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 | +7
debian | debian/linux | < linux 6.1.123-1 (bookworm)

Patches

🔴 Vulnerability Details (48)

OSV | linux vulnerabilities | 2026-01-29
OSV | linux-azure, linux-azure-4.15 vulnerabilities | 2025-06-09
OSV | linux-azure-fips vulnerabilities | 2025-06-09
OSV | linux-azure vulnerabilities | 2025-06-09
OSV | linux-fips vulnerabilities | 2025-06-06

📋 Vendor Advisories (48)

Ubuntu | Linux kernel vulnerabilities | 2026-01-29
Ubuntu | Kernel Live Patch Security Notice | 2025-07-10
Ubuntu | Linux kernel (Azure) vulnerabilities | 2025-06-09
Ubuntu | Linux kernel (Azure FIPS) vulnerabilities | 2025-06-09
Ubuntu | Linux kernel (Azure) vulnerabilities | 2025-06-09