#VU100733 Buffer overflow in Linux kernel - CVE-2024-53061
Vulnerability identifier: #VU100733
Vulnerability risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the exynos4_jpeg_parse_decode_h_tbl(), get_word_be() and s5p_jpeg_parse_hdr() functions in drivers/media/platform/s5p-jpeg/jpeg-core.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51
http://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b
http://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef
http://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e
http://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e
http://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd
http://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b95ff6f51
http://git.kernel.org/stable/c/14a22762c3daeac59a5a534e124acbb4d7a79b3a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
