#VU102086 Out-of-bounds read in Linux kernel - CVE-2024-56597
Vulnerability identifier: #VU102086
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbAllocCtl() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/51a203470f502a64a3da8dcea51c4748e8267a6c
https://git.kernel.org/stable/c/52756a57e978e2706543a254f88f266cc6702f36
https://git.kernel.org/stable/c/6676034aa753aa448beb30dbd75630927ba7cd96
https://git.kernel.org/stable/c/a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d
https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e
https://git.kernel.org/stable/c/c56245baf3fd1f79145dd7408e3ead034b74255c
https://git.kernel.org/stable/c/df7c76636952670b31bd6c12b3aed3c502122273
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
