#VU93325 Out-of-bounds read in Linux kernel - CVE-2024-39467
Vulnerability identifier: #VU93325
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sanity_check_inode() function in fs/f2fs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8
https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff
https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98
https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0
https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba
https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57
https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
