In the Linux kernel, the following vulnerability has been resolved:

jfs: check if leafidx greater than num leaves per dmap tree

syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater
than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.

Shaggy:
Modified sanity check to apply to control pages as well as leaf pages.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00007.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
Linux Linux unaffected
Version Status Constraints
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< d76b9a4c283c7535ae7c7c9b14984e75402951e1
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 35b91f15f44ce3c01eba058ccb864bb04743e792
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 2451e5917c56be45d4add786e2a059dd9c2c37c4
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 25d2a3ff02f22e215ce53355619df10cc5faa7ab
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 058aa89b3318be3d66a103ba7c68d717561e1dc6
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 7fff9a9f866e99931cf6fa260288e55d01626582
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< cb0eb10558802764f07de1dc439c4609e27cb4f0
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< 4a7bf6a01fb441009a6698179a739957efd88e38
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 affected
< d64ff0d2306713ff084d4b09f84ed1a8c75ecc32
Linux Linux affected
Version Status Constraints
2.6.12 affected
0 unaffected
< 2.6.12
4.19.323 unaffected
≤ 4.19.*
5.4.285 unaffected
≤ 5.4.*
5.10.227 unaffected
≤ 5.10.*
5.15.168 unaffected
≤ 5.15.*
6.1.113 unaffected
≤ 6.1.*
6.6.55 unaffected
≤ 6.6.*
6.10.14 unaffected
≤ 6.10.*
6.11.3 unaffected
≤ 6.11.*
6.12 unaffected
≤ *

Configuration 1 [-]

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

No data.

Subscriptions

Vendors Products
Linux Subscribe
Linux Kernel Subscribe

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4008-1 linux-6.1 security update
Debian DLA Debian DLA DLA-4075-1 linux security update
Ubuntu USN Ubuntu USN USN-7166-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-2 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-3 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-7166-4 Linux kernel (Xilinx ZynqMP) vulnerabilities
Ubuntu USN Ubuntu USN USN-7186-1 Linux kernel (Intel IoTG) vulnerabilities
Ubuntu USN Ubuntu USN USN-7186-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7194-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7276-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7277-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7293-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7294-4 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7295-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7301-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7303-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7304-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7310-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7311-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7332-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7332-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7332-3 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7342-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7344-1 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7344-2 Linux kernel vulnerabilities
Ubuntu USN Ubuntu USN USN-7384-1 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7384-2 Linux kernel (Azure) vulnerabilities
Ubuntu USN Ubuntu USN USN-7385-1 Linux kernel (IBM) vulnerabilities
Ubuntu USN Ubuntu USN USN-7386-1 Linux kernel (OEM) vulnerabilities
Ubuntu USN Ubuntu USN USN-7393-1 Linux kernel (FIPS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7401-1 Linux kernel (AWS) vulnerabilities
Ubuntu USN Ubuntu USN USN-7403-1 Linux kernel (HWE) vulnerabilities
Ubuntu USN Ubuntu USN USN-7413-1 Linux kernel (IoT) vulnerabilities
Ubuntu USN Ubuntu USN USN-7468-1 Linux kernel (Azure, N-Series) vulnerabilities
Ubuntu USN Ubuntu USN USN-7539-1 Linux kernel (Raspberry Pi) vulnerabilities
Ubuntu USN Ubuntu USN USN-7540-1 Linux kernel (Raspberry Pi) vulnerabilities
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://git.kernel.org/stable/c/058aa89b3318be3d66a103ba7c68d717561e1dc6 cve-icon cve-icon
https://git.kernel.org/stable/c/2451e5917c56be45d4add786e2a059dd9c2c37c4 cve-icon cve-icon
https://git.kernel.org/stable/c/25d2a3ff02f22e215ce53355619df10cc5faa7ab cve-icon cve-icon
https://git.kernel.org/stable/c/35b91f15f44ce3c01eba058ccb864bb04743e792 cve-icon cve-icon
https://git.kernel.org/stable/c/4a7bf6a01fb441009a6698179a739957efd88e38 cve-icon cve-icon
https://git.kernel.org/stable/c/7fff9a9f866e99931cf6fa260288e55d01626582 cve-icon cve-icon
https://git.kernel.org/stable/c/cb0eb10558802764f07de1dc439c4609e27cb4f0 cve-icon cve-icon
https://git.kernel.org/stable/c/d64ff0d2306713ff084d4b09f84ed1a8c75ecc32 cve-icon cve-icon
https://git.kernel.org/stable/c/d76b9a4c283c7535ae7c7c9b14984e75402951e1 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html cve-icon
https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html cve-icon
https://lore.kernel.org/linux-cve-announce/2024102120-CVE-2024-49902-0b84@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49902 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49902 cve-icon
History

Mon, 03 Nov 2025 23:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Feb 2025 00:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125

Wed, 13 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 08 Nov 2024 16:00:00 +0000

Type Values Removed Values Added
References

Wed, 23 Oct 2024 01:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Tue, 22 Oct 2024 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 21 Oct 2024 18:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf. Shaggy: Modified sanity check to apply to control pages as well as leaf pages.
Title jfs: check if leafidx greater than num leaves per dmap tree
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-01-05T10:54:18.224Z

Reserved: 2024-10-21T12:17:06.027Z

Link: CVE-2024-49902

cve-icon Vulnrichment

Updated: 2025-11-03T22:23:04.357Z

cve-icon NVD

Status : Modified

Published: 2024-10-21T18:15:12.700

Modified: 2025-11-03T23:16:30.010

Link: CVE-2024-49902

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-10-21T00:00:00Z

Links: CVE-2024-49902 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses