#VU93155 Buffer overflow in Linux kernel


Published: 2024-06-24

Vulnerability identifier: #VU93155

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26956

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c and the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b67189690eb4b7ecc84ae16fa1e880e0123eaa35
http://git.kernel.org/stable/c/9cbe1ad5f4354f4df1445e5f4883983328cd6d8e
http://git.kernel.org/stable/c/c3b5c5c31e723b568f83d8cafab8629d9d830ffb
http://git.kernel.org/stable/c/2e2619ff5d0def4bb6c2037a32a6eaa28dd95c84
http://git.kernel.org/stable/c/46b832e09d43b394ac0f6d9485d2b1a06593f0b7
http://git.kernel.org/stable/c/f69e81396aea66304d214f175aa371f1b5578862
http://git.kernel.org/stable/c/a8e4d098de1c0f4c5c1f2ed4633a860f0da6d713
http://git.kernel.org/stable/c/82827ca21e7c8a91384c5baa656f78a5adfa4ab4
http://git.kernel.org/stable/c/f2f26b4a84a0ef41791bd2d70861c8eac748f4ba


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

