#VU102236 Buffer overflow in Linux kernel - CVE-2024-56539


Updated: 2025-05-11

Vulnerability identifier: #VU102236

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56539

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption in drivers/net/wireless/marvell/mwifiex/fw.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 6.11, 6.11.1, 6.11.2, 6.11.3, 6.11.4, 6.11.5, 6.11.6, 6.11.7, 6.11.8, 6.11.9, 6.11.10


External links
https://git.kernel.org/stable/c/1de0ca1d7320a645ba2ee5954f64be08935b002a
https://git.kernel.org/stable/c/581261b2d6fdb4237b24fa13f5a5f87bf2861f2c
https://git.kernel.org/stable/c/5fa329c44e1e635da2541eab28b6cdb8464fc8d1
https://git.kernel.org/stable/c/a09760c513ae0f98c7082a1deace7fb6284ee866
https://git.kernel.org/stable/c/b466746cfb6be43f9a1457bbee52ade397fb23ea
https://git.kernel.org/stable/c/c4698ef8c42e02782604bf4f8a489dbf6b0c1365
https://git.kernel.org/stable/c/d241a139c2e9f8a479f25c75ebd5391e6a448500
https://git.kernel.org/stable/c/d7774910c5583e61c5fe2571280366624ef48036
https://git.kernel.org/stable/c/e2de22e4b6213371d9e76f74a10ce817572a8d74
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

