#VU93400 Buffer overflow in Linux kernel - CVE-2024-26712
Vulnerability identifier: #VU93400
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882
https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6
https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058
https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe
https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25
https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
