#VU103478 Input validation error in Linux kernel - CVE-2024-57917


Vulnerability identifier: #VU103478

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57917

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an unspecified issue in drivers/base/topology.c. A local user can gain access to sensitive information.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1c7818e2746e747838a3de1687e89eac7b947f08
https://git.kernel.org/stable/c/360596e7fe319a5db1b5fb34a3952862ae53c924
https://git.kernel.org/stable/c/b02cf1d27e460ab2b3e1c8c9ce472d562cad2e8d
https://git.kernel.org/stable/c/ca47e933a900492d89dcf5db18a99c28bd4a742d
https://git.kernel.org/stable/c/cbd399f78e23ad4492c174fc5e6b3676dba74a52

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-azure-5.15
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux-raspi
Ubuntu update for linux-nvidia-tegra
Ubuntu update for linux-xilinx-zynqmp
Ubuntu update for linux-intel-iot-realtime
Ubuntu update for linux-aws-fips
Ubuntu update for linux
Ubuntu update for linux-aws-5.15
Ubuntu update for linux