Out-of-bounds read in Linux kernel

#VU94839 Out-of-bounds read in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-07-29

Vulnerability identifier: #VU94839

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-41019

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0
http://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440
http://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a
http://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319
http://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4
http://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-aws

Ubuntu update for linux-nvidia

Ubuntu update for linux-azure

Ubuntu update for linux-azure-6.8

Ubuntu update for linux

openEuler 22.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP1 update for kernel

openEuler 22.03 LTS SP3 update for kernel

openEuler 24.03 LTS update for kernel

Fedora 40 update for kernel