SB2024062041 - Out-of-bounds read in Linux kernel staging speakup driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2024-38587)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358
• https://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996
• https://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586
• https://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535
• https://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e
• https://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb
• https://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef
• https://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef
• https://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12