Vulnerability identifier: #VU102092
Vulnerability risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vfio_virt_config_read() and vfio_config_do_rw() functions in drivers/vfio/pci/vfio_pci_config.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/06f2fcf49854ad05a09d09e0dbee6544fff04695
http://git.kernel.org/stable/c/0918f5643fc6c3f7801f4a22397d2cc09ba99207
http://git.kernel.org/stable/c/1ef195178fb552478eb2587df4ad3be14ef76507
http://git.kernel.org/stable/c/4464e5aa3aa4574063640f1082f7d7e323af8eb4
http://git.kernel.org/stable/c/6c6502d944168cbd7e03a4a08ad6488f78d73485
http://git.kernel.org/stable/c/7d121f66b67921fb3b95e0ea9856bfba53733e91
http://git.kernel.org/stable/c/949bee8065a85a5c6607c624dc05b5bc17119699
http://git.kernel.org/stable/c/9567bd34aa3b986736c290c5bcba47e0182ac47a
http://git.kernel.org/stable/c/fe4bf8d0b6716a423b16495d55b35d3fe515905d
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.