#VU94839 Out-of-bounds read in Linux kernel - CVE-2024-41019
Vulnerability identifier: #VU94839
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_rstbl() function in fs/ntfs3/fslog.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/35652dfa8cc9a8a900ec0f1e0395781f94ffc5f0
https://git.kernel.org/stable/c/818a257428644b8873e79c44404d8fb6598d4440
https://git.kernel.org/stable/c/6ae7265a7b816879fd0203e83b5030d3720bbb7a
https://git.kernel.org/stable/c/82c94e6a7bd116724738aa67eba6f5fedf3a3319
https://git.kernel.org/stable/c/617cf144c206f98978ec730b17159344fd147cb4
https://git.kernel.org/stable/c/50c47879650b4c97836a0086632b3a2e300b0f06
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
