#VU93236 Buffer overflow in Linux kernel - CVE-2024-38623


Vulnerability identifier: #VU93236

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38623

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the fs/ntfs3/ntfs.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f
https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7
https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1
https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1
https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Guardium
Ubuntu update for linux-azure-fde-5.15
Ubuntu update for linux-hwe-6.8
Ubuntu update for linux-raspi
Ubuntu update for linux-lowlatency
Ubuntu update for linux-ibm-5.15
Ubuntu update for linux-xilinx-zynqmp
Ubuntu update for linux-nvidia-6.8
Ubuntu update for linux-azure
Ubuntu update for linux-lowlatency-hwe-6.8