#VU99157 Buffer overflow in Linux kernel - CVE-2024-50001
Vulnerability identifier: #VU99157
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the mlx5e_sq_xmit_mpwqe() function in drivers/net/ethernet/mellanox/mlx5/core/en_tx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/ca36d6c1a49b6965c86dd528a73f38bc62d9c625
https://git.kernel.org/stable/c/ce828b347cf1b3c1b12b091d02463c35ce5097f5
https://git.kernel.org/stable/c/fc357e78176945ca7bcacf92ab794b9ccd41b4f4
https://git.kernel.org/stable/c/26fad69b34fcba80d5c7d9e651f628e6ac927754
https://git.kernel.org/stable/c/ecf310aaf256acbc8182189fe0aa1021c3ddef72
https://git.kernel.org/stable/c/8bb8c12fb5e2b1f03d603d493c92941676f109b5
https://git.kernel.org/stable/c/2bcae12c795f32ddfbf8c80d1b5f1d3286341c32
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
