Input validation error in Linux kernel llc



Published: 2024-06-03
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-26636
CWE-ID CWE-20
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU90859

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b
http://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d
http://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c
http://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249
http://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4
http://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b
http://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb
http://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###