#VU91355 Information disclosure in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91355

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26993

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c
http://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b
http://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957
http://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4
http://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78
http://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5
http://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063
http://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

