#VU91095 Out-of-bounds read in Linux kernel - CVE-2024-27008
Vulnerability identifier: #VU91095
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04
https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face
https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042
https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5
https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e
https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb
https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1
https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
