Buffer overflow in Linux kernel x86 entry



| Updated: 2025-05-12
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-42240
CWE-ID CWE-119
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Buffer overflow

EUVDB-ID: #VU95516

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42240

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_INNER_LABEL() function in arch/x86/entry/entry_64_compat.S. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.15 - 6.6.40

CPE2.3 External links

https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84
https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364
https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf
https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513
https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###