Login Sign Up

CVE-2024-49900

7.1 HIGH

📋 TL;DR

This vulnerability in the Linux kernel's JFS filesystem allows attackers to read uninitialized memory from the kernel stack, potentially leaking sensitive information. It affects systems using the JFS filesystem with the affected kernel versions. The issue occurs when handling extended attributes, allowing local attackers to exploit the flaw.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Specific affected versions not specified in CVE, but patches available for multiple stable branches
Operating Systems: Linux distributions using affected kernel versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using JFS filesystem. Many distributions don't enable JFS by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel memory disclosure leading to privilege escalation or sensitive data exposure, potentially enabling further attacks.

🟠

Likely Case

Information disclosure of kernel memory contents, which could reveal sensitive data or system state information.

🟢

If Mitigated

Limited impact with proper access controls preventing local user access to affected systems.

🌐 Internet-Facing: LOW - Requires local access to exploit.
🏢 Internal Only: MEDIUM - Local attackers or malicious users could exploit this to gain information about kernel memory.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to manipulate extended attributes on JFS filesystem.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Multiple stable kernel versions with fixes: 2b59ffad47db, 6041536d18c5, 7b24d41d47a6, 7c244d5b4828, 8ad8b531de79

Vendor Advisory: https://git.kernel.org/stable/c/2b59ffad47db1c46af25ccad157bb3b25147c35c

Restart Required: Yes

Instructions:

1. Update Linux kernel to patched version from your distribution's repositories. 2. Reboot system to load new kernel. 3. Verify kernel version after reboot.

🔧 Temporary Workarounds

Disable JFS filesystem

linux

Prevent loading of JFS kernel module to mitigate vulnerability

echo 'blacklist jfs' >> /etc/modprobe.d/blacklist-jfs.conf
rmmod jfs

🧯 If You Can't Patch

  • Restrict local user access to systems using JFS filesystem
  • Implement strict access controls on JFS-mounted filesystems

🔍 How to Verify

Check if Vulnerable:

Check if JFS filesystem is in use: 'mount | grep -i jfs' or 'lsmod | grep jfs'

Check Version:

uname -r

Verify Fix Applied:

Check kernel version against patched versions from git.kernel.org references

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages related to JFS or lzo1x_1_do_compress
  • System crash reports mentioning uninit-value

Network Indicators:

  • None - local vulnerability only

SIEM Query:

Search for kernel logs containing 'uninit-value' or 'KMSAN' with JFS context

📊 Metadata

CVE ID: CVE-2024-49900
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE: CWE-908
Published: October 21, 2024
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-49900, you might also want to check these:

CVE-2021-26305 9.8

CVE-2021-26305 is a deserialization vulnerability in the cdr crate for Rust that allows a malicious ...

Same vulnerability type (CWE-908)
CVE-2020-36443 9.8

This vulnerability in libp2p-deflate crate for Rust allows reading uninitialized memory due to passi...

Same vulnerability type (CWE-908)
CVE-2020-36452 9.8

This vulnerability in the array-tools Rust crate allows attackers to cause memory corruption by expl...

Same vulnerability type (CWE-908)