CVE-2024-57850
📋 TL;DR
A memory corruption vulnerability exists in the Linux kernel's JFFS2 filesystem rtime decompression routine. This allows attackers with access to corrupted compressed data to write beyond allocated buffer boundaries, potentially leading to system crashes or arbitrary code execution. All Linux systems using JFFS2 filesystems are affected.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, system crash, or arbitrary code execution with kernel privileges leading to complete system compromise.
Likely Case
System instability, crashes, or denial of service when processing malicious JFFS2 compressed files.
If Mitigated
Limited to denial of service if kernel hardening features like KASLR and SMAP are enabled.
🎯 Exploit Status
Requires ability to write corrupted compressed data to JFFS2 filesystem. No public exploits known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 or later
Vendor Advisory: https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
Restart Required: No
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For embedded systems: Rebuild kernel with patches from stable tree. 3. No reboot required if using live kernel patching (kpatch/kgraft).
🔧 Temporary Workarounds
Disable JFFS2 filesystem
allPrevent mounting or using JFFS2 filesystems to eliminate attack surface
modprobe -r jffs2
echo 'blacklist jffs2' > /etc/modprobe.d/blacklist-jffs2.conf
🧯 If You Can't Patch
- Restrict access to JFFS2 filesystems to trusted users only
- Implement strict file upload validation for systems processing JFFS2 compressed data
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if JFFS2 module is loaded: uname -r && lsmod | grep jffs2Check Version:
uname -rVerify Fix Applied:
Verify kernel version includes fix commits or check with: grep -r 'rtime.*decompress' /proc/kallsyms📡 Detection & Monitoring
Log Indicators:
- Kernel panic messages
- JFFS2 decompression errors in dmesg
- System crash reports
Network Indicators:
- None - local filesystem vulnerability
SIEM Query:
source="kernel" AND ("jffs2" OR "rtime" OR "decompress") AND ("panic" OR "corrupt" OR "oops")🔗 References
- https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5
- https://git.kernel.org/stable/c/47c9a7f81027a78afea9d2e9a54bfd8fabb6b3d0
- https://git.kernel.org/stable/c/6808a1812a3419542223e7fe9e2de577e99e45d1
- https://git.kernel.org/stable/c/bd384b04ad1995441b18fe6c1366d02de8c5d5eb
- https://git.kernel.org/stable/c/dc39b08fcc3831b0bc46add91ba93cd2aab50716
- https://git.kernel.org/stable/c/f6fc251baefc3cdc4f41f2f5a47940d7d4a67332
- https://git.kernel.org/stable/c/fe051552f5078fa02d593847529a3884305a6ffe
- https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html
- https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html
