#VU94952 Out-of-bounds read in Linux kernel - CVE-2024-42148


Vulnerability identifier: #VU94952

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42148

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e
https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f
https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f
https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b
https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce
https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98
https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d
https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

