#VU92380 Race condition within a thread in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92380

Vulnerability risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38596

CWE-ID: CWE-366

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the unix_stream_sendmsg() function in net/unix/af_unix.c. A local user can manipulate data.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a
http://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe
http://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055
http://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5
http://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c
http://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb
http://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707526e8f9
http://git.kernel.org/stable/c/a52fa2addfcccc2c5a0217fd45562605088c018b
http://git.kernel.org/stable/c/540bf24fba16b88c1b3b9353927204b4f1074e25


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

