#VU92328 Out-of-bounds read in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92328

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can trigger it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1f84a2744ad813be23fc4be99fb74bfb24aadb95
http://git.kernel.org/stable/c/a75001678e1d38aa607d5b898ec7ff8ed0700d59
http://git.kernel.org/stable/c/769b9fd2af02c069451fe9108dba73355d9a021c
http://git.kernel.org/stable/c/dccd97b39ab2f2b1b9a47a1394647a4d65815255
http://git.kernel.org/stable/c/d93318f19d1e1a6d5f04f5d965eaa9055bb7c613
http://git.kernel.org/stable/c/563e609275927c0b75fbfd0d90441543aa7b5e0d
http://git.kernel.org/stable/c/4907f5ad246fa9b51093ed7dfc7da9ebbd3f20b8
http://git.kernel.org/stable/c/177f43c6892e6055de6541fe9391a8a3d1f95fc9
http://git.kernel.org/stable/c/d0184a375ee797eb657d74861ba0935b6e405c62


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

