Severity
High
Analysis Summary
CVE-2024-0562 CVSS:7.8
Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free flaw when a disk is removed. By sending a specially crafted request, an attacker could exploit this vulnerability to access the recently freed bdi_writeback, and use this information to launch further attacks against the affected system.
CVE-2024-0565 CVSS:7.1
Linux Kernel could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read due to an integer underflow on the memcpy length. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Impact
- Denial of Service
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-0562
- CVE-2024-0565
Affected Vendors
Linux
Affected Products
- Linux Kernel 6.0-rc2
- Linux Kernel 6.7-rc5
Remediation
Upgrade to the latest version of Linux Kernel, available from the Linux Kernel Website.