#VU93802 Buffer overflow in Linux kernel - CVE-2024-38617

Cybersecurity Help s.r.o.

Published: 2024-07-04

Vulnerability identifier: #VU93802

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38617

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DEFINE_ALLOC_SIZE_TEST_PAIR() function in lib/fortify_kunit.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/7880dbf4eafe22a6a41a42e774f1122c814ed02d
http://git.kernel.org/stable/c/42d21c9727028fe7ee392223ba127484b1b8677e
http://git.kernel.org/stable/c/03758d5a0932016b6d5f5bfbca580177e6bc937a
http://git.kernel.org/stable/c/998b18072ceb0613629c256b409f4d299829c7ec

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Ubuntu update for linux-lowlatency

Ubuntu update for linux-oem-6.8

openEuler 24.03 LTS update for kernel

Ubuntu update for linux-nvidia-lowlatency

Ubuntu update for linux

SUSE update for the Linux Kernel

Buffer overflow in Linux kernel lib