#VU93471 Buffer overflow in Linux kernel

Published: 2024-06-28

Vulnerability identifier: #VU93471

Vulnerability risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel
Category: Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption (CWE-119) within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can trigger the memory corruption to escalate privileges on the system.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644
http://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07
http://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8
http://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90
http://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954
http://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c
http://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2
http://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.