#VU102237 Buffer overflow in Linux kernel - CVE-2024-56708

Vulnerability identifier: #VU102237

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56708

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the igen6_register_mci() and igen6_unregister_mcis() functions in drivers/edac/igen6_edac.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf
https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832
https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079
https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088
https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a
https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.