Vulnerability identifier: #VU92006
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/4403438eaca6e91f02d272211c4d6b045092396b
https://git.kernel.org/stable/c/9d52865ff28245fc2134da9f99baff603a24407a
https://git.kernel.org/stable/c/06e828b3f1b206de08ef520fc46a40b22e1869cb
https://git.kernel.org/stable/c/79cdcc765969d23f4e3d6ea115660c3333498768
https://git.kernel.org/stable/c/80365c9f96015bbf048fdd6c8705d3f8770132bf
https://git.kernel.org/stable/c/23bfecb4d852751d5e403557dd500bb563313baf
https://git.kernel.org/stable/c/251a658bbfceafb4d58c76b77682c8bf7bcfad65
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.