Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-26588 |
CWE-ID | CWE-125 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU90363
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26588
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the build_insn() function in arch/loongarch/net/bpf_jit.c. A local user can execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 6.1 - 6.8 rc5
CPE2.3https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5
https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28
https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a
https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.75
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.2
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.