Buffer Overflow Vulnerability in TA for Linux and MacOS by Trellix
CVE-2024-0213

8.2HIGH

Key Information:

Vendor: Trellix
Status: Trellix Agent (TA)
Vendor: CVE Published:; 9 January 2024

What is CVE-2024-0213?

A buffer overflow vulnerability exists in TA for Linux and TA for MacOS versions prior to 5.8.1, allowing local users to exploit a memory corruption flaw in the TA service that runs with root privileges. Successful exploitation can lead to elevated permissions, enabling user actions that compromise system integrity, or result in a Denial of Service (DoS) scenario. Additionally, this vulnerability may hinder event reporting to the ePO by failing to validate input from files adequately, creating further security risks.

Affected Version(s)

Trellix Agent (TA) Prior to 5.8.1

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2024
Vulnerability Reserved
Jan 3, 2024

Credit

Lockheed Martin Red Team