Buffer overflow in Linux kernel

#VU100137 Buffer overflow in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-11-08

Vulnerability identifier: #VU100137

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50180

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the sisfb_search_mode() function in drivers/video/fbdev/sis/sis_main.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743
http://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510
http://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c
http://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f
http://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef
http://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for kernel

Buffer overflow in Linux kernel fbdev sis driver