#VU91393 Out-of-bounds read in Linux kernel - CVE-2024-26965
Vulnerability identifier: #VU91393
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95
https://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089
https://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060
https://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194
https://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589
https://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362
https://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f
https://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2
https://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
