Vulnerability identifier: #VU102087
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the jfs_readdir() function in fs/jfs/jfs_dtree.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/839f102efb168f02dfdd46717b7c6dddb26b015e
https://git.kernel.org/stable/c/8ff7579554571d92e3deab168f5a7d7b146ed368
https://git.kernel.org/stable/c/97e693593162eef6851d232f0c8148169ed46a5c
https://git.kernel.org/stable/c/9efe72eefd4c4a7ce63b3e4d667d766d2b360cb4
https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc
https://git.kernel.org/stable/c/e7d376f94f72b020f84e77278b150ec1cc27502c
https://git.kernel.org/stable/c/ff9fc48fab0e1ea0d423c23c99b91bba178f0b05
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.