Vulnerability identifier: #VU92328
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38559
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can trigger it to cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
https://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
https://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
https://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
https://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
https://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
https://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
https://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
https://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.