Buffer overflow in Linux kernel nilfs2
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26956 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35
http://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e
http://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb
http://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84
http://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7
http://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862
http://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713
http://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4
http://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
