#VU105054 Buffer overflow in Linux kernel - CVE-2024-54456

Cybersecurity Help s.r.o.

Published: 2025-02-27

Vulnerability identifier: #VU105054

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-54456

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfs_sysfs_link_rpc_client() function in fs/nfs/sysfs.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/19b3ca651b4b473878c73539febe477905041442
https://git.kernel.org/stable/c/49fd4e34751e90e6df009b70cd0659dc839e7ca8
https://git.kernel.org/stable/c/dd8830779b77f4d1206d28d02ad56a03fc0e78f7
https://git.kernel.org/stable/c/e8e0eb5601d4a6c74c336e3710afe3a0348c469d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS SP1 update for kernel

openEuler 24.03 LTS update for kernel

Buffer overflow in Linux kernel nfs