CVE-2024-42076
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2024-42076: A vulnerability in the Linux kernel's CAN J1939 code (net: can: j1939) has been resolved. The j1939_send_one() function failed to initialize unused data when creating a full frame, which led to a kernel-infoleak issue. The uninitialized data originated from the allocation of a slab node in mm/slub.c. The vulnerability affected functions such as sock_recvmsg(), sock_sendmsg(), and sys_recvmsg(), potentially allowing an attacker to leak kernel memory. The issue was discovered using KMSAN and affects Linux kernel versions prior to the patch.
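The following user-space C model is an added illustration of the bug class described in the summary, not the kernel's code or its patch. All function names, the 8-byte frame size and the 0xA5 marker that stands in for stale allocator contents are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_DATA_LEN 8   /* classic CAN frames carry up to 8 data bytes */
#define STALE_BYTE 0xA5    /* constructed marker standing in for old heap contents */

/* Model of a recycled allocation: the buffer still holds earlier data. */
static void model_alloc(uint8_t *buf, size_t len) { memset(buf, STALE_BYTE, len); }

/* Flawed pattern: grow the frame to full size but write only the payload. */
size_t build_frame_unsafe(uint8_t *frame, const uint8_t *payload, size_t dlc)
{
    if (dlc > FRAME_DATA_LEN) return 0;
    model_alloc(frame, FRAME_DATA_LEN);
    memcpy(frame, payload, dlc);
    return FRAME_DATA_LEN;              /* all 8 bytes reach the receiver */
}

/* Hardened pattern: zero the unused tail before the frame leaves. */
size_t build_frame_zeroed(uint8_t *frame, const uint8_t *payload, size_t dlc)
{
    if (dlc > FRAME_DATA_LEN) return 0;
    model_alloc(frame, FRAME_DATA_LEN);
    memcpy(frame, payload, dlc);
    memset(frame + dlc, 0, FRAME_DATA_LEN - dlc);
    return FRAME_DATA_LEN;
}

/* Receiver-side check: count padding bytes that still carry stale data. */
size_t stale_padding_bytes(const uint8_t *frame, size_t dlc)
{
    size_t n = 0;
    for (size_t i = dlc; i < FRAME_DATA_LEN; i++)
        if (frame[i] != 0) n++;
    return n;
}

int main(void)
{
    const uint8_t payload[] = { 0x11, 0x22, 0x33 };   /* constructed sample */
    uint8_t frame[FRAME_DATA_LEN];
    build_frame_unsafe(frame, payload, sizeof payload);
    printf("unsafe: %zu stale bytes\n", stale_padding_bytes(frame, sizeof payload));
    build_frame_zeroed(frame, payload, sizeof payload);
    printf("zeroed: %zu stale bytes\n", stale_padding_bytes(frame, sizeof payload));
    return 0;
}
```

In the real kernel the padding would hold whatever the slab object contained before, which is why KMSAN flags the copy to user space rather than the allocation itself.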