#VU91360 Information disclosure in Linux kernel - CVE-2024-26973
Vulnerability identifier: #VU91360
Vulnerability risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63
https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f
https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6
https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee
https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375
https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb
https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688
https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6
https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
