#VU89675 Buffer overflow in Linux kernel - CVE-2024-27401


Vulnerability identifier: #VU89675

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27401

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98
https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285
https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239
https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb
https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b
https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f
https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa
https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

