SB2024122717 - Integer overflow in Linux kernel edac driver
Published: December 27, 2024 Updated: May 12, 2025
Security Bulletin ID
SB2024122717
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2024-53161)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the bluefield_edac_check() function in drivers/edac/bluefield_edac.c. A local user can execute arbitrary code.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6e4e1bb5
- https://git.kernel.org/stable/c/1fe774a93b46bb029b8f6fa9d1f25affa53f06c6
- https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8
- https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7
- https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae
- https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a
- https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9
- https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11