#VU93024 Out-of-bounds read in Linux kernel - CVE-2024-37356


Vulnerability identifier: #VU93024

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-37356

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in net/ipv4/tcp_dctcp.c (the DCTCP congestion control module). A local user can trigger the out-of-bounds read to crash the kernel and perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6
https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf
https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31
https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a
https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be
https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c
https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd
https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
