#VU92952 Buffer overflow in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92952

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26733

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587
http://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50
http://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0
http://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91
http://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a
http://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

