#VU90308 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90308

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35907

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mlxbf_gige_open() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/a583117668ddb86e98f2e11c7caa3db0e6df52a3
http://git.kernel.org/stable/c/24444af5ddf729376b90db0f135fa19973cb5dab
http://git.kernel.org/stable/c/867a2f598af6a645c865d1101b58c5e070c6dd9e
http://git.kernel.org/stable/c/8feb1652afe9c5d019059a55c90f70690dce0f52
http://git.kernel.org/stable/c/f7442a634ac06b953fc1f7418f307b25acd4cfbc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

