#VU100172 Out-of-bounds read in Linux kernel - CVE-2024-50247

Cybersecurity Help s.r.o.

Published: 2024-11-10

Vulnerability identifier: #VU100172

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50247

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the decompress_chunk() function in fs/ntfs3/lznt.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/e5ae7859008688626b4d2fa6139eeaa08e255053
https://git.kernel.org/stable/c/1b6bc5f7212181093b6c5310eea216fc09c721a9
https://git.kernel.org/stable/c/5f21e3e60982cd7353998b4f59f052134fd47d64
https://git.kernel.org/stable/c/4a4727bc582832f354e0d3d49838a401a28ae25e
https://git.kernel.org/stable/c/9931122d04c6d431b2c11b5bb7b10f28584067f0

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-nvidia-tegra

Ubuntu update for linux-xilinx-zynqmp

Ubuntu update for linux-aws-5.15

Ubuntu update for linux-hwe-5.15

Ubuntu update for linux-oem-6.11

Ubuntu update for linux-intel-iotg

Ubuntu update for linux-aws

Ubuntu update for linux-raspi

Ubuntu update for linux-ibm

Ubuntu update for linux-gcp