#VU93594 Out-of-bounds write in Linux kernel


Published: 2024-07-01

Vulnerability identifier: #VU93594

Vulnerability risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7e2c1b0f6dd9abde9e60f0f9730026714468770f
http://git.kernel.org/stable/c/6d5dc96b154be371df0d62ecb07efe400701ed8a
http://git.kernel.org/stable/c/5cd466673b34bac369334f66cbe14bb77b7d7827
http://git.kernel.org/stable/c/9af1658ba293458ca6a13f70637b9654fa4be064
http://git.kernel.org/stable/c/629af0d5fe94a35f498ba2c3f19bd78bfa591be6
http://git.kernel.org/stable/c/22cad1b841a63635a38273b799b4791f202ade72
http://git.kernel.org/stable/c/c8a24fd281dcdf3c926413dafbafcf35cde517a9
http://git.kernel.org/stable/c/6d88b289fb0a8d055cb79d1c46a56aba7809d96d
http://git.kernel.org/stable/c/a39d51ff1f52cd0b6fe7d379ac93bd8b4237d1b7
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

