#VU90303 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90303

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35967

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce
http://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315
http://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c
http://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7
http://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

