#VU95037 Integer overflow in Linux kernel - CVE-2024-42223


Vulnerability identifier: #VU95037

Vulnerability risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42223

CWE-ID: CWE-190

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the tda10048_set_if() function in drivers/media/dvb-frontends/tda10048.c. A local user can execute arbitrary code.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a
https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce
https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0
https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af
https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd
https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1
https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8
https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a795760b07


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

