Buffer overflow in Linux kernel

#VU93627 Buffer overflow in Linux kernel

Published: 2024-07-02

Vulnerability identifier: #VU93627

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46920

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to memory corruption within the process_misc_interrupts() function in drivers/dma/idxd/irq.c. A local user can manipulate data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/a5ad12d5d69c63af289a37f05187a0c6fe93553d
http://git.kernel.org/stable/c/02981a44a0e402089775416371bd2e0c935685f8
http://git.kernel.org/stable/c/ea941ac294d75d0ace50797aebf0056f6f8f7a7f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Buffer overflow in Linux kernel dma idxd driver