#VU91397 Out-of-bounds read in Linux kernel - CVE-2024-26969
Vulnerability identifier: #VU91397
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/e117c6e2d1617520f5f7d7f6f6b395f01d8b5a27
https://git.kernel.org/stable/c/83fe1bbd9e259ad109827ccfbfc2488e0dea8e94
https://git.kernel.org/stable/c/851cc19bdb02556fb13629b3e4fef6f2bdb038fe
https://git.kernel.org/stable/c/9de184d4e557d550fb0b7b833b676bda4f269e4f
https://git.kernel.org/stable/c/dd92b159c506804ac57adf3742d9728298bb1255
https://git.kernel.org/stable/c/b6b31b4c67ea6bd9222e5b73b330554c57f2f90d
https://git.kernel.org/stable/c/fc3ac2fcd0a7fad63eba1b359490a4b81720d0f9
https://git.kernel.org/stable/c/be9e2752d823eca1d5af67014a1844a9176ff566
https://git.kernel.org/stable/c/1040ef5ed95d6fd2628bad387d78a61633e09429
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
