#VU91322 Information disclosure in Linux kernel - CVE-2024-36945


Vulnerability identifier: #VU91322

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36945

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the smc_ib_find_route() function in net/smc/smc_ib.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff
http://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2
http://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db
http://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in IBM Technical Support Appliance
Multiple vulnerabilities in IBM QRadar SIEM
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15 packages
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Ubuntu update for linux-lowlatency