#VU95040 Buffer overflow in Linux kernel - CVE-2024-42094
Vulnerability identifier: #VU95040
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the iucv_setmask_mp() and iucv_cpu_online() functions in net/iucv/iucv.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/2b085521be5292016097b5e7ca81b26be3f7098d
https://git.kernel.org/stable/c/842afb47d84536fc976fece8fb6c54bea711ad1a
https://git.kernel.org/stable/c/9dadab0db7d904413ea1cdaa13f127da05c31e71
https://git.kernel.org/stable/c/0af718a690acc089aa1bbb95a93df833d864ef53
https://git.kernel.org/stable/c/d85ca8179a54ff8cf1e1f8c3c9e3799831319bae
https://git.kernel.org/stable/c/724e7965af054079242b8d6f7e50ee226730a756
https://git.kernel.org/stable/c/2d090c7f7be3b26fcb80ac04d08a4a8062b1d959
https://git.kernel.org/stable/c/be4e1304419c99a164b4c0e101c7c2a756b635b9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
