Main Vulnerability Database SB2024062723

SB2024062723 - Remote denial of service in Linux kernel Intel idpf driver

Published: June 27, 2024 Updated: May 13, 2025

Security Bulletin ID SB2024062723

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2024-35889)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the idpf_rx_process_skb_fields() function in drivers/net/ethernet/intel/idpf/idpf_txrx.c when handling unknown packet types. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/b4d28f7fa4dd531cf503a4fe1ca7008960cc5832
https://git.kernel.org/stable/c/dd19e827d63ac60debf117676d1126bff884bdb8
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5