#VU91360 Information disclosure in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91360

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26973

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63
http://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f
http://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6
http://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee
http://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375
http://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb
http://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688
http://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6
http://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for kernel-rt
Information disclosure in Linux kernel fat