#VU102085 Out-of-bounds read in Linux kernel - CVE-2024-56598
Vulnerability identifier: #VU102085
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dtReadFirst() function in fs/jfs/jfs_dtree.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/22dcbf7661c6ffc3247978c254dc40b833a0d429
https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948
https://git.kernel.org/stable/c/2eea5fda5556ef03defebf07b0a12fcd2c5210f4
https://git.kernel.org/stable/c/823d573f5450ca6be80b36f54d1902ac7cd23fb9
https://git.kernel.org/stable/c/8c97a4d5463a1c972ef576ac499ea9b05f956097
https://git.kernel.org/stable/c/ca84a2c9be482836b86d780244f0357e5a778c46
https://git.kernel.org/stable/c/fd993b2180b4c373af8b99aa28d4dcda5c2a8f10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
