#VU94951 Out-of-bounds read in Linux kernel - CVE-2024-42143
Published: July 31, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU94951
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-42143
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the orangefs_statfs() function in fs/orangefs/super.c. A local user can trigger the out-of-bounds read and cause a denial of service.
Remediation
Install the update from the vendor's website.
External links
- https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924
- https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167
- https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715
- https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed
- https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450
- https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047
- https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5
- https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39