#VU90317 Out-of-bounds read in Linux kernel - CVE-2024-26952


Vulnerability identifier: #VU90317

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26952

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63
https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5
https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da
https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 24.03 LTS SP1 update for kernel
openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel
openEuler 24.03 LTS update for kernel
Multiple vulnerabilities in IBM Security Guardium
Debian update for linux
Ubuntu update for linux-xilinx-zynqmp
Ubuntu update for linux-oracle-5.15
Ubuntu update for linux-azure
Ubuntu update for linux-gcp-5.15