#VU100620 Out-of-bounds read in Linux kernel - CVE-2024-50279

Vulnerability identifier: #VU100620

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50279

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the can_resize() function in drivers/md/dm-cache-target.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/4fa4feb873cea0e9d6ff883b37cca6f33169d8b4
https://git.kernel.org/stable/c/8501e38dc9e0060814c4085815fc83da3e6d43bf
https://git.kernel.org/stable/c/ee1f74925717ab36f6a091104c170639501ce818
https://git.kernel.org/stable/c/ff1dd8a04c30e8d4e2fd5c83198ca672eb6a9e7f
https://git.kernel.org/stable/c/56507203e1b6127967ec2b51fb0b23a0d4af1334
https://git.kernel.org/stable/c/e57648ce325fa405fe6bbd0e6a618ced7c301a2d
https://git.kernel.org/stable/c/3b02c40ff10fdf83cc545850db208de855ebe22c
https://git.kernel.org/stable/c/792227719725497ce10a8039803bec13f89f8910

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.