How severe is CVE-2024-40902?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-40902?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-40902 - HIGH Severity | CVSS 7.8

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log.

Related Vulnerabilities

CVE-2002-0969

HIGH

CVSS:7.8(High)

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini init...

CWE-1202002

CVE-2004-0210

HIGH

CVSS:7.8(High)

The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overf...

CWE-1202004

CVE-2007-5659

HIGH

CVSS:7.8(High)

Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: thi...

CWE-1202007

CVE-2010-2492

HIGH

CVSS:7.8(High)

Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of se...

CWE-1202010

CVE-2010-2572

HIGH

CVSS:7.8(High)

Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerabil...

CWE-1202010

CVE-2011-1145

HIGH

CVSS:7.8(High)

The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.

CWE-1202011