Linux Kernel Vulnerability - 20240402005¶
Overview¶
A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected |
|---|---|---|---|
| CVE-2024-0582 | High | 7.8 | Linux Kernel - From (including) 6.4, Up to (excluding) 6.6.5 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):