Vulnerability identifier: #VU89679

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26610

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

---

External links
http://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a
http://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd
http://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32
http://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b
http://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67
http://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.