You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 40902
About this tag
The tag CVE-2024-40902 covers a Linux kernel vulnerability in the JFS filesystem's extended attribute (xattr) handling. Identified and patched in mid-2024, this flaw allows a buffer overflow when a malformed xattr triggers the kernel to hex-dump more data than the allocated buffer can hold. The issue is local in attack vector but carries high impact, potentially leading to memory corruption, kernel instability, or privilege escalation. The tag includes discussion of the upstream fix, syzkaller discovery, and guidance for applying the patch to affected systems. It is relevant for Linux system administrators and security professionals managing kernel updates.
The Linux kernel vulnerability tracked as CVE-2024-40902 — described upstream as “jfs: xattr: fix buffer overflow for invalid xattr” — was identified and fixed in the kernel in mid‑2024 after syzkaller and stable‑tree review flagged a condition where printing a malformed extended attribute...