Vulnerability identifier: #VU91312
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26889
CWE-ID: CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/6d5a9d4a7bcbb7534ce45a18a52e7bd23e69d8ac
https://git.kernel.org/stable/c/54a03e4ac1a41edf8a5087bd59f8241b0de96d3d
https://git.kernel.org/stable/c/d47e6c1932cee02954ea588c9f09fd5ecefeadfc
https://git.kernel.org/stable/c/2e845867b4e279eff0a19ade253390470e07e8a1
https://git.kernel.org/stable/c/68644bf5ec6baaff40fc39b3529c874bfda709bd
https://git.kernel.org/stable/c/a41c8efe659caed0e21422876bbb6b73c15b5244
https://git.kernel.org/stable/c/8c28598a2c29201d2ba7fc37539a7d41c264fb10
https://git.kernel.org/stable/c/2edce8e9a99dd5e4404259d52e754fdc97fb42c2
https://git.kernel.org/stable/c/81137162bfaa7278785b24c1fd2e9e74f082e8e4
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.