SB2024060556 - Buffer overflow in Linux kernel thermal intel driver
Published: June 5, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024060556
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-26646)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hfi_parse_features() and intel_hfi_init() functions in drivers/thermal/intel/intel_hfi.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/28f010dc50df0f7987c04112114fcfa7e0803566
- https://git.kernel.org/stable/c/019ccc66d56a696a4dfee3bfa2f04d0a7c3d89ee
- https://git.kernel.org/stable/c/c9d6d63b6c03afaa6f185df249af693a7939577c
- https://git.kernel.org/stable/c/97566d09fd02d2ab329774bb89a2cdf2267e86d9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8