Vulnerability identifier: #VU98903
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-49886
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the _isst_if_get_pci_dev() function in drivers/platform/x86/intel/speed_select_if/isst_if_common.c. A local user can trigger it to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1973c4d8ee0782a808303d75e3be9c12baaacd97
https://git.kernel.org/stable/c/cdd03afcb6eda3103da5a0948d3db12372f62910
https://git.kernel.org/stable/c/8176d4878ed2af5d93ddd0e971e24c412124d38b
https://git.kernel.org/stable/c/cebc705b097d5c16469b141a25e840161d1c517a
https://git.kernel.org/stable/c/afa7f78d9a907cfded6c98c91aae2bf7b3b56e51
https://git.kernel.org/stable/c/7d59ac07ccb58f8f604f8057db63b8efcebeb3de
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.