Buffer overflow in Linux kernel

#VU94467 Buffer overflow in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-07-17

Vulnerability identifier: #VU94467

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48806

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ee1004_eeprom_read() function in drivers/misc/eeprom/ee1004.c. A local user can escalate privileges on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/3937c35493ee2847aaefcfa5460e94b7443eef49
http://git.kernel.org/stable/c/a37960df7eac3cc8094bd1ab84864e9e32c91345
http://git.kernel.org/stable/c/9a5f471ae380f9fcb9756d453c12ca1f8595a93c
http://git.kernel.org/stable/c/9443ddeb3754e9e382a396b50adc1961301713ce
http://git.kernel.org/stable/c/c0689e46be23160d925dca95dfc411f1a0462708

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Buffer overflow in Linux kernel misc eeprom driver