#VU91345 Information disclosure in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91345

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35849

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an information disclosure in the init_data_container() function in fs/btrfs/backref.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772
http://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86
http://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6
http://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d
http://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6
http://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc
http://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54
http://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

