SB2024062527 - Buffer overflow in Linux kernel accessibility speakup driver
Published: June 25, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024062527
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2024-26994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0d130158db29f5e0b3893154908cf618896450a8
- https://git.kernel.org/stable/c/89af25bd4b4bf6a71295f07e07a8ae7dc03c6595
- https://git.kernel.org/stable/c/8defb1d22ba0395b81feb963b96e252b097ba76f
- https://git.kernel.org/stable/c/0efb15c14c493263cb3a5f65f5ddfd4603d19a76
- https://git.kernel.org/stable/c/c8d2f34ea96ea3bce6ba2535f867f0d4ee3b22e1
- https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f
- https://git.kernel.org/stable/c/8f6b62125befe1675446923e4171eac2c012959c
- https://git.kernel.org/stable/c/6401038acfa24cba9c28cce410b7505efadd0222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216