#VU98908 Out-of-bounds read in Linux kernel - CVE-2024-49930

Vulnerability identifier: #VU98908

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49930

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/0f26f26944035ec67546a944f182cbad6577a9c0
https://git.kernel.org/stable/c/4dd732893bd38cec51f887244314e2b47f0d658f
https://git.kernel.org/stable/c/73e235728e515faccc104b0153b47d0f263b3344
https://git.kernel.org/stable/c/7a552bc2f3efe2aaf77a85cb34cdf4a63d81a1a7
https://git.kernel.org/stable/c/6045ef5b4b00fee3629689f791992900a1c94009
https://git.kernel.org/stable/c/01b77f5ee11c89754fb836af8f76799d3b72ae2f
https://git.kernel.org/stable/c/69f253e46af98af17e3efa3e5dfa72fcb7d1983d

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.