#VU100141 Buffer overflow in Linux kernel - CVE-2024-50208

Vulnerability identifier: #VU100141

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50208

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the bnxt_qplib_alloc_init_hwq() function in drivers/infiniband/hw/bnxt_re/qplib_res.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/de5857fa7bcc9a496a914c7e21390be873109f26
https://git.kernel.org/stable/c/ea701c1849e7250ea41a4f7493e0a5f136c1d47e
https://git.kernel.org/stable/c/87cb3b0054e53e0155b630bdf8fb714ded62565f
https://git.kernel.org/stable/c/daac56dd98e1ba814c878ac0acd482a37f2ab94b
https://git.kernel.org/stable/c/7988bdbbb85ac85a847baf09879edcd0f70521dc

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.