#VU104974 Out-of-bounds read in Linux kernel - CVE-2024-58014


Updated: 2025-05-11

Vulnerability identifier: #VU104974

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58014

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read within the wlc_phy_iqcal_gainparams_nphy() function in drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_n.c. A local user can trigger the error to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7, 6.12.8, 6.12.9, 6.12.10, 6.12.11, 6.12.12, 6.12.13


External links
https://git.kernel.org/stable/c/093286c33409bf38896f2dab0c0bb6ca388afb33
https://git.kernel.org/stable/c/3f4a0948c3524ae50f166dbc6572a3296b014e62
https://git.kernel.org/stable/c/6f6e293246dc1f5b2b6b3d0f2d757598489cda79
https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f
https://git.kernel.org/stable/c/c27ce584d274f6ad3cba2294497de824a3c66646
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.14


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

