7.1
HIGH CVSS 3.1
CVE-2024-38599
jffs2: prevent xattr node from overflowing the eraseblock
Description

In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseblock, overwriting the nodes and causing errors such as: jffs2: argh. node added in wrong place at 0x0000b050(2) jffs2: nextblock 0x0000a000, expected at 0000b00c jffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050, read=0xfc892c93, calc=0x000000 jffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed at 0x01e00c. {848f,2fc4,0fef511f,59a3d171} jffs2: Node at 0x0000000c with length 0x00001044 would run over the end of the erase block jffs2: Perhaps the file system was created with the wrong erase size? jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x00000010: 0x1044 instead This breaks the filesystem and can lead to KASAN crashes such as: BUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0 Read of size 4 at addr ffff88802c31e914 by task repro/830 CPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xc4/0x620 ? __virt_addr_valid+0x308/0x5b0 kasan_report+0xc1/0xf0 ? jffs2_sum_add_kvec+0x125e/0x15d0 ? jffs2_sum_add_kvec+0x125e/0x15d0 jffs2_sum_add_kvec+0x125e/0x15d0 jffs2_flash_direct_writev+0xa8/0xd0 jffs2_flash_writev+0x9c9/0xef0 ? __x64_sys_setxattr+0xc4/0x160 ? do_syscall_64+0x69/0x140 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [...] Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

INFO

Published Date :

June 19, 2024, 2:15 p.m.

Last Modified :

Sept. 17, 2025, 9:09 p.m.

Remotely Exploit :

No

Source :

416baaa9-dc9f-4396-8d5f-8c081fb06d67
Affected Products

The following products are affected by CVE-2024-38599 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Linux linux_kernel
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH [email protected]
Solution
To address the JFFS2 vulnerability, update the affected kernel and related packages.
  • Update the affected kernel package.
  • Update the affected packages.
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-38599.

URL Resource
https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11 Patch
https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df Patch
https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275 Patch
https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07 Patch
https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b Patch
https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb Patch
https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913 Patch
https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098 Patch
https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8 Patch
https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11 Patch
https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df Patch
https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275 Patch
https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07 Patch
https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b Patch
https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb Patch
https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913 Patch
https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098 Patch
https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8 Patch
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-38599 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-38599 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-38599 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-38599 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 17, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    Added CWE CWE-125
    Added CPE Configuration OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.9 up to (excluding) 6.9.3 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.7 up to (excluding) 6.8.12 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 6.2 up to (excluding) 6.6.33 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.16 up to (excluding) 6.1.93 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.11 up to (excluding) 5.15.161 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.5 up to (excluding) 5.10.219 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 2.6.18 up to (excluding) 4.19.316 *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.20 up to (excluding) 5.4.278
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098 Types: Patch
    Added Reference Type kernel.org: https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8 Types: Patch
    Added Reference Type CVE: https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8 Types: Patch
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11
    Added Reference https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df
    Added Reference https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275
    Added Reference https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07
    Added Reference https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b
    Added Reference https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb
    Added Reference https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913
    Added Reference https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098
    Added Reference https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jul. 15, 2024

    Action Type Old Value New Value
    Removed Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
  • CVE Modified by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 27, 2024

    Action Type Old Value New Value
    Added Reference kernel.org https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html [No types assigned]
  • CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67

    Jun. 19, 2024

    Action Type Old Value New Value
    Added Description In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseblock, overwriting the nodes and causing errors such as: jffs2: argh. node added in wrong place at 0x0000b050(2) jffs2: nextblock 0x0000a000, expected at 0000b00c jffs2: error: (823) do_verify_xattr_datum: node CRC failed at 0x01e050, read=0xfc892c93, calc=0x000000 jffs2: notice: (823) jffs2_get_inode_nodes: Node header CRC failed at 0x01e00c. {848f,2fc4,0fef511f,59a3d171} jffs2: Node at 0x0000000c with length 0x00001044 would run over the end of the erase block jffs2: Perhaps the file system was created with the wrong erase size? jffs2: jffs2_scan_eraseblock(): Magic bitmask 0x1985 not found at 0x00000010: 0x1044 instead This breaks the filesystem and can lead to KASAN crashes such as: BUG: KASAN: slab-out-of-bounds in jffs2_sum_add_kvec+0x125e/0x15d0 Read of size 4 at addr ffff88802c31e914 by task repro/830 CPU: 0 PID: 830 Comm: repro Not tainted 6.9.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xc4/0x620 ? __virt_addr_valid+0x308/0x5b0 kasan_report+0xc1/0xf0 ? jffs2_sum_add_kvec+0x125e/0x15d0 ? jffs2_sum_add_kvec+0x125e/0x15d0 jffs2_sum_add_kvec+0x125e/0x15d0 jffs2_flash_direct_writev+0xa8/0xd0 jffs2_flash_writev+0x9c9/0xef0 ? __x64_sys_setxattr+0xc4/0x160 ? do_syscall_64+0x69/0x140 ? entry_SYSCALL_64_after_hwframe+0x76/0x7e [...] Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
    Added Reference kernel.org https://git.kernel.org/stable/c/2904e1d9b64f72d291095e3cbb31634f08788b11 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/526235dffcac74c7823ed504dfac4f88d84ba5df [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f0eea095ce8c959b86e1e57fe36ca4fea5ae54f8 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/a1d21bcd78cf4a4353e1e835789429c6b76aca8b [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/f06969df2e40ab1dc8f4364a5de967830c74a098 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/af82d8d2179b7277ad627c39e7e0778f1c86ccdb [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/8d431391320c5c5398ff966fb3a95e68a7def275 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/978a12c91b38bf1a213e567f3c20e2beef215f07 [No types assigned]
    Added Reference kernel.org https://git.kernel.org/stable/c/c6854e5a267c28300ff045480b5a7ee7f6f1d913 [No types assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 7.1
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact