#VU99843 Buffer overflow in Linux kernel - CVE-2024-50096


Vulnerability identifier: #VU99843

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50096

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the nouveau_dmem_fault_copy_one() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/73f75d2b5aee5a735cf64b8ab4543d5c20dbbdd9
http://git.kernel.org/stable/c/8c3de9282dde21ce3c1bf1bde3166a4510547aa9
http://git.kernel.org/stable/c/614bfb2050982d23d53d0d51c4079dba0437c883
http://git.kernel.org/stable/c/697e3ddcf1f8b68bd531fc34eead27c000bdf3e1
http://git.kernel.org/stable/c/ab4d113b6718b076046018292f821d5aa4b844f8
http://git.kernel.org/stable/c/835745a377a4519decd1a36d6b926e369b3033e2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

