#VU96885 Buffer overflow in Linux kernel - CVE-2024-44969
Vulnerability identifier: #VU96885
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
