Buffer overflow in Linux kernel ipv4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26733 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587
http://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50
http://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0
http://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91
http://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a
http://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
