In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf. Shaggy: Modified sanity check to apply to control pages as well as leaf pages.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Linux
  • Linux Kernel

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6 cve-icon cve-icon
https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4 cve-icon cve-icon
https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab cve-icon cve-icon
https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792 cve-icon cve-icon
https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38 cve-icon cve-icon
https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582 cve-icon cve-icon
https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0 cve-icon cve-icon
https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32 cve-icon cve-icon
https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2024102120-CVE-2024-49902-0b84@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49902 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49902 cve-icon
History

Thu, 13 Feb 2025 00:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Wed, 13 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 08 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
References

Wed, 23 Oct 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 21 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf. Shaggy: Modified sanity check to apply to control pages as well as leaf pages.
Title jfs: check if leafidx greater than num leaves per dmap tree
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2024-12-19T09:28:41.874Z

Reserved: 2024-10-21T12:17:06.027Z

Link: CVE-2024-49902

cve-icon Vulnrichment

Updated: 2024-10-22T13:42:48.998Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-21T18:15:12.700

Modified: 2024-11-13T13:47:16.923

Link: CVE-2024-49902

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49902 - Bugzilla