SB2024102212 - Out-of-bounds read in Linux kernel block
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024102212
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2024-49933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ioc_forgive_debts() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/1f61d509257d6a05763d05bf37943b35306522b1
- https://git.kernel.org/stable/c/f4ef9bef023d5c543cb0f3194ecacfd47ef590ec
- https://git.kernel.org/stable/c/59121bb38fdc01434ea3fe361ee02b59f036227f
- https://git.kernel.org/stable/c/1ab2cfe19700fb3dde4c7dfec392acff34db3120
- https://git.kernel.org/stable/c/1b120f151871eb47ce9f283c007af3f8ae1d990e
- https://git.kernel.org/stable/c/364022095bdd4108efdaaa68576afa4712a5d085
- https://git.kernel.org/stable/c/9bce8005ec0dcb23a58300e8522fe4a31da606fa
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55