SB2024062211 - Out-of-bounds read in Linux kernel cisco enic driver
Published: June 22, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062211
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-38659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600
- https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d
- https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227
- https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7
- https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5
- https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c
- https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31
- https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33