Vulnerability identifier: #VU96845
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-44988
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mv88e6xxx_g1_atu_prob_irq_thread_fn() function in drivers/net/dsa/mv88e6xxx/global1_atu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/d39f5be62f098fe367d672b4dd4bc4b2b80e08e7
https://git.kernel.org/stable/c/050e7274ab2150cd212b2372595720e7b83a15bd
https://git.kernel.org/stable/c/a10d0337115a6d223a1563d853d4455f05d0b2e3
https://git.kernel.org/stable/c/18b2e833daf049223ab3c2efdf8cdee08854c484
https://git.kernel.org/stable/c/f7d8c2fabd39250cf2333fbf8eef67e837f90a5d
https://git.kernel.org/stable/c/f87ce03c652dba199aef15ac18ade3991db5477e
https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.