#VU93470 Buffer overflow in Linux kernel
Vulnerability identifier: #VU93470
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the efi_capsule_open() function in drivers/firmware/efi/capsule-loader.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/00cf21ac526011a29fc708f8912da446fac19f7b
http://git.kernel.org/stable/c/950d4d74d311a18baed6878dbfba8180d7e5dddd
http://git.kernel.org/stable/c/537e3f49dbe88881a6f0752beaa596942d9efd64
http://git.kernel.org/stable/c/4b73473c050a612fb4317831371073eda07c3050
http://git.kernel.org/stable/c/ddc547dd05a46720866c32022300f7376c40119f
http://git.kernel.org/stable/c/11aabd7487857b8e7d768fefb092f66dfde68492
http://git.kernel.org/stable/c/62a5dcd9bd3097e9813de62fa6f22815e84a0172
http://git.kernel.org/stable/c/fccfa646ef3628097d59f7d9c1a3e84d4b6bb45e
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
