Vulnerability identifier: #VU90318
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within nilfs_type_by_mode[] in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0
https://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611
https://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9
https://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f
https://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16
https://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243
https://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8
https://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of any malware exploiting this vulnerability.