Out-of-bounds read in Linux kernel cisco enic driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-38659 |
| CWE-ID | CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Out-of-bounds read
EUVDB-ID: #VU93080
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38659
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.6.32
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
