#VU91119 Use of Out-of-range Pointer Offset in Linux kernel - CVE-2024-26926
Vulnerability identifier: #VU91119
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-823
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/aaef73821a3b0194a01bd23ca77774f704a04d40
http://git.kernel.org/stable/c/a2fd6dbc98be1105a1d8e9e31575da8873ef115c
http://git.kernel.org/stable/c/a6d2a8b211c874971ee4cf3ddd167408177f6e76
http://git.kernel.org/stable/c/1d7f1049035b2060342f11eff957cf567d810bdc
http://git.kernel.org/stable/c/f01d6619045704d78613b14e2e0420bfdb7f1c15
http://git.kernel.org/stable/c/68a28f551e4690db2b27b3db716c7395f6fada12
http://git.kernel.org/stable/c/48a1f83ca9c68518b1a783c62e6a8223144fa9fc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
