#VU93326 Out-of-bounds read in Linux kernel


Published: 2024-06-25

Vulnerability identifier: #VU93326

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8
http://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f
http://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a
http://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46
http://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691
http://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3
http://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

