Out-of-bounds write in Linux kernel

#VU92191 Out-of-bounds write in Linux kernel

Published: 2024-06-18

Vulnerability identifier: #VU92191

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46974

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper handling of masking negation logic upon a negative destination register. A local user can cause a denial of service by exploiting this flaw.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/stable/c/4d542ddb88fb2f39bf7f14caa2902f3e8d06f6ba
http://git.kernel.org/stable/c/0e2dfdc74a7f4036127356d42ea59388f153f42c
http://git.kernel.org/stable/c/53e0db429b37a32b8fc706d0d90eb4583ad13848
http://git.kernel.org/stable/c/2cfa537674cd1051a3b8111536d77d0558f33d5d
http://git.kernel.org/stable/c/6eba92a4d4be8feb4dc33976abac544fa99d6ecc
http://git.kernel.org/stable/c/7cf64d8679ca1cb20cf57d6a88bfee79a0922a66
http://git.kernel.org/stable/c/b9b34ddbe2076ade359cd5ce7537d5ed019e9807

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell Cloud Tiering Appliance

Multiple vulnerabilities in Dell Secure Connect Gateway