Buffer overflow in Linux kernel

#VU88886 Buffer overflow in Linux kernel

Published: 2024-04-22

Vulnerability identifier: #VU88886

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26589

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can crash the OS kernel.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0
http://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8
http://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d
http://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3
http://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP3 update for kernel

openEuler 22.03 LTS SP2 update for kernel

openEuler 22.03 LTS SP1 update for kernel

openEuler 22.03 LTS update for kernel

Ubuntu update for linux-azure-6.5

Ubuntu update for linux-lowlatency-hwe-6.5

Ubuntu update for linux

Denial of service in Linux kernel bpf