Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-26586 |
CWE-ID | CWE-787 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU88935
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26586
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the mlxsw_sp_acl_tcam_init() function in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can trigger stack corruption and crash the kernel.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: before 5.15.148
External linkshttp://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182
http://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15
http://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62
http://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383
http://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
http://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.