Linux Kernel JFFS2 Memory Corruption Vulnerability in Rtime Decompression

Vulnerability

A memory corruption vulnerability has been identified in the Linux kernel's JFFS2 file system, specifically within the rtime decompression routine. The issue arises because the routine fails to properly check bounds during the entire decompression process. As a result, if the compressed data is corrupted, it can lead to memory corruption outside the designated decompression buffer. This vulnerability has been addressed by adding the necessary bounds checks to prevent such memory corruption.

Impact

Exploitation of this vulnerability could lead to arbitrary memory corruption, potentially allowing for further exploitation such as arbitrary code execution or escalation of privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel JFFS2 Memory Corruption Vulnerability in Rtime Decompression

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating