CVE-2024-42076

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 29, 2024
Updated: Jul 30, 2024
CWE ID 908

Summary

CVE-2024-42076: A vulnerability in the Linux kernel's CAN J1939 code (net: can: j1939) has been resolved. The j1939_send_one() function failed to initialize unused data when creating a full frame, which led to a kernel-infoleak. The uninitialized data was created during the allocation of a slab node in mm/slub.c. The vulnerability affected functions such as sock_recvmsg(), sock_sendmsg(), and sys_recvmsg(), potentially allowing an attacker to leak kernel memory. The issue was discovered using KMSAN and affects Linux kernel versions prior to the patch.
