#VU98902 Out-of-bounds read in Linux kernel - CVE-2024-50007


Vulnerability identifier: #VU98902

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50007

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the HPIMSGX__init() function in sound/pci/asihpi/hpimsgx.c. A local user can use it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674
http://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f
http://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5
http://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747
http://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372
http://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d
http://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

