SB2024070349 - Improper privilege management in Linux kernel 9p
Published: July 3, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070349
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper privilege management (CVE-ID: CVE-2024-36964)
The vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d
- https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96
- https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c
- https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32
- https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8
- https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3
- https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02
- https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.314
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.217
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.276
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10