Home

Description

In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out.

PUBLISHED Reserved 2024-12-27 | Published 2024-12-27 | Updated 2026-01-05 | Assigner Linux

Product status

Default status
unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before b15000bcbecf27e0f7c0f149a409e5b865e28ca2
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 368a533152220b0a6f1142327d96c6b6361f3002
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a3d408870bc19b794646871bc4c3a5daa66f91c5
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 491487eeddccc4bb49f2e59d8c8f35bec89c15ca
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 3b5d21b56c3774bc84eab0a93aaac22a4475e2c4
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before 8a4311bbde702362fe7412045d06ab6767235dac
affected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (git) before a174706ba4dad895c40b1d2277bade16dfacdcd9
affected

Default status
affected

2.6.12
affected

Any version before 2.6.12
unaffected

5.4.287 (semver)
unaffected

5.10.231 (semver)
unaffected

5.15.174 (semver)
unaffected

6.1.120 (semver)
unaffected

6.6.66 (semver)
unaffected

6.12.5 (semver)
unaffected

6.13 (original_commit_for_fix)
unaffected

References

lists.debian.org/debian-lts-announce/2025/03/msg00001.html

lists.debian.org/debian-lts-announce/2025/03/msg00002.html

git.kernel.org/...c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2

git.kernel.org/...c/368a533152220b0a6f1142327d96c6b6361f3002

git.kernel.org/...c/a3d408870bc19b794646871bc4c3a5daa66f91c5

git.kernel.org/...c/491487eeddccc4bb49f2e59d8c8f35bec89c15ca

git.kernel.org/...c/3b5d21b56c3774bc84eab0a93aaac22a4475e2c4

git.kernel.org/...c/8a4311bbde702362fe7412045d06ab6767235dac

git.kernel.org/...c/a174706ba4dad895c40b1d2277bade16dfacdcd9

cve.org (CVE-2024-56595)

nvd.nist.gov (CVE-2024-56595)

Download JSON