CVE-2024-49900
Published: Oct 21, 2024
Modified: May 12, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178 ... Uninit was stored to memory at: ea_put fs/jfs/xattr.c:639 [inline] ... Local variable ea_buf created at: __jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662 __jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934 ===================================================== The reason is ea_buf->new_ea is not initialized properly. Fix this by using memset to empty its content at the beginning in ea_get().
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 7b24d41d47a6805c45378debf8bd115675d41da8affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < dac398ed272a378d2f42ac68ae408333a51baf52affected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 8b1dcf25c26d42e4a68c4725ce52a0543c7878ccaffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < d7444f91a9f93eaa48827087ed0f3381c194181daffected 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - < 6041536d18c5f51a84bc37cd568cbab61870031e+4 more versions |
Linux | Linux | affected 2.6.12unaffected 0 - < 2.6.12unaffected 4.19.323 - <= 4.19.*unaffected 5.4.285 - <= 5.4.*unaffected 5.10.227 - <= 5.10.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now