#VU95034 Integer overflow in Linux kernel - CVE-2024-42102

Vulnerability identifier: #VU95034

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42102

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the wb_dirty_limits() function in mm/page-writeback.c. A local user can execute arbitrary code.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a
https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807
https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c
https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59
https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00
https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d
https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec
https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.