#VU100173 Out-of-bounds read in Linux kernel - CVE-2024-50262

Vulnerability identifier: #VU100173

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50262

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trie_get_next_key() function in kernel/bpf/lpm_trie.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/e8494ac079814a53fbc2258d2743e720907488ed
https://git.kernel.org/stable/c/91afbc0eb3c90258ae378ae3c6ead3d2371e926d
https://git.kernel.org/stable/c/590976f921723d53ac199c01d5b7b73a94875e68
https://git.kernel.org/stable/c/86c8ebe02d8806dd8878d0063e8e185622ab6ea6
https://git.kernel.org/stable/c/a035df0b98df424559fd383e8e1a268f422ea2ba
https://git.kernel.org/stable/c/90a6e0e1e151ef7a9282e78f54c3091de2dcc99c
https://git.kernel.org/stable/c/c4b4f9a9ab82238cb158fa4fe61a8c0ae21a4980
https://git.kernel.org/stable/c/13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.