#VU97786 Out-of-bounds read in Linux kernel - CVE-2024-46828


Vulnerability identifier: #VU97786

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46828

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb
https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd
https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4
https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094
https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447
https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c
https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability