#VU93400 Buffer overflow in Linux kernel


Published: 2024-06-26

Vulnerability identifier: #VU93400

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26712

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the kasan_init_region() function in arch/powerpc/mm/kasan/kasan_init_32.c. A local user can trigger the memory corruption and cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882
http://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6
http://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058
http://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe
http://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25
http://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

