Buffer overflow in Linux kernel nilfs2



Published: 2024-09-18
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-46780
CWE-ID: CWE-119
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU97564

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46780

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_dev_revision_show(), nilfs_dev_device_size_show(), nilfs_dev_uuid_show() and nilfs_dev_volume_name_show() functions in fs/nilfs2/sysfs.c. A local user can use it to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/b90beafac05931cbfcb6b1bd4f67c1923f47040e
http://git.kernel.org/stable/c/ba97ba173f9625d5f34a986088979eae8b80d38e
http://git.kernel.org/stable/c/157c0d94b4c40887329418c70ef4edd1a8d6b4ed
http://git.kernel.org/stable/c/b14e7260bb691d7f563f61da07d61e3c8b59a614
http://git.kernel.org/stable/c/19cfeba0e4b8eda51484fcf8cf7d150418e1d880
http://git.kernel.org/stable/c/8c6e43b3d5f109cf9c61bc188fcc8175404e924f
http://git.kernel.org/stable/c/962562d4c70c5cdeb4e955d63ff2017c4eca1aad
http://git.kernel.org/stable/c/683408258917541bdb294cd717c210a04381931e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


