#VU92376 Buffer overflow in Linux kernel - CVE-2024-38541
Vulnerability identifier: #VU92376
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38541
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6
https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e
https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a
https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
