#VU93666 Buffer overflow in Linux kernel - CVE-2024-35810

Cybersecurity Help s.r.o.

Published: 2024-07-02 | Updated: 2025-05-13

Vulnerability identifier: #VU93666

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35810

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the vmw_du_cursor_mob_size() and vmw_du_cursor_plane_cleanup_fb() functions in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.7, 6.7 rc1, 6.7 rc2, 6.7 rc3, 6.7 rc5, 6.7 rc6, 6.7 rc7, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5, 6.7.6, 6.7.7, 6.7.8, 6.7.9, 6.7.10, 6.7.11, 6.8, 6.8 rc1, 6.8 rc2, 6.8 rc5, 6.8.1, 6.8.2

External links
https://git.kernel.org/stable/c/86cb706a40b7e6b2221ee49a298a65ad9b46c02d
https://git.kernel.org/stable/c/104a5b2772bc7c0715ae7355ccf9d294a472765c
https://git.kernel.org/stable/c/ed381800ea6d9a4c7f199235a471c0c48100f0ae
https://git.kernel.org/stable/c/9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in OpenShift Virtualization 4.16

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.18

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17

Anolis OS update for kernel

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in IBM Technical Support Appliance

Multiple vulnerabilities in IBM Robotic Process Automation for Cloud Pak

Multiple vulnerabilities in IBM QRadar SIEM

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.15