#VU99154 Buffer overflow in Linux kernel - CVE-2024-50022

Cybersecurity Help s.r.o.

Published: 2024-10-22

Vulnerability identifier: #VU99154

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50022

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the dax_set_mapping() function in drivers/dax/device.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/9c4198dfdca818c5ce19c764d90eabd156bbc6da
https://git.kernel.org/stable/c/b822007e8db341d6f175c645ed79866db501ad86
https://git.kernel.org/stable/c/e877427d218159ac29c9326100920d24330c9ee6
https://git.kernel.org/stable/c/7fcbd9785d4c17ea533c42f20a9083a83f301fa6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-hwe-6.8

Dell VxRail Appliance 8.x update for third-party components

Ubuntu update for linux

Ubuntu update for linux-ibm

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-realtime

Dell SmartFabric Manager update for third-party components

Ubuntu update for linux-oem-6.11

Ubuntu update for linux-aws

Ubuntu update for linux