Improper Initialization in Linux kernel mlx5 core driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-35960 |
| CWE-ID | CWE-665 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Initialization
EUVDB-ID: #VU93351
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35960
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
http://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
http://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
http://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
http://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
http://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
http://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
http://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
