Buffer overflow in Linux kernel x86 entry



Published: 2024-08-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-42240
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84
http://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364
http://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf
http://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513
http://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###