Resource management error in Linux kernel intel i40e driver



Published: 2024-06-25
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-36004
CWE-ID CWE-399
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU93281

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c
http://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd
http://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22
http://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f
http://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939
http://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0
http://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e
http://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###