#VU91394 Out-of-bounds read in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91394

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26966

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2
http://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0
http://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f
http://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9
http://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99
http://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03
http://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38
http://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8
http://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

