#VU103133 Integer overflow in Linux kernel - CVE-2024-57938
Published: January 21, 2025 / Updated: May 11, 2025
Vulnerability identifier: #VU103133
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-57938
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the sctp_association_init() function in net/sctp/associola.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/081bdb3a31674339313c6d702af922bc29de2c53
- https://git.kernel.org/stable/c/2297890b778b0e7c8200d6818154f7e461d78e94
- https://git.kernel.org/stable/c/271f031f4c31c07e2a85a1ba2b4c8e734909a477
- https://git.kernel.org/stable/c/4e86729d1ff329815a6e8a920cb554a1d4cb5b8d
- https://git.kernel.org/stable/c/7af63ef5fe4d480064eb22583b24ffc8b408183a
- https://git.kernel.org/stable/c/94b7ed0a4896420988e1776942f0a3f67167873e
- https://git.kernel.org/stable/c/f9c3adb083d3278f065a83c3f667f1246c74c31f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.176