Improper error handling in Linux kernel core



Published: 2024-06-27
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-36929
CWE-ID: CWE-388
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU93449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36929

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can exploit it to cause a denial of service (DoS).

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1
http://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533
http://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62
http://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6
http://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec
http://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681
http://lists.debian.org/debian-lts-announce/2024/06/msg00019.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


