vulnerability

Debian: CVE-2024-40902: linux, linux-6.1 -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Jul 12, 2024	Jul 17, 2024	Jan 28, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Jul 12, 2024

Added

Jul 17, 2024

Modified

Jan 28, 2025

Description

In the Linux kernel, the following vulnerability has been resolved:

jfs: xattr: fix buffer overflow for invalid xattr

When an xattr size is not what is expected, it is printed out to the
kernel log in hex format as a form of debugging. But when that xattr
size is bigger than the expected size, printing it out can cause an
access off the end of the buffer.

Fix this all up by properly restricting the size of the debug hex dump
in the kernel log.

Solution(s)

debian-upgrade-linuxdebian-upgrade-linux-6-1

References

CVE-2024-40902
https://attackerkb.com/topics/CVE-2024-40902
DEBIAN-DSA-5730-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today