#VU92325 Out-of-bounds read in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92325

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38568

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can trigger the error to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3669baf308308385a2ab391324abdde5682af5aa
http://git.kernel.org/stable/c/be1fa711e59c874d049f592aef1d4685bdd22bdf
http://git.kernel.org/stable/c/b5120d322763c15c978bc47beb3b6dff45624304
http://git.kernel.org/stable/c/aa2d3d678895c8eedd003f1473f87d3f06fe6ec7
http://git.kernel.org/stable/c/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

