Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-42224 |
CWE-ID | CWE-388 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU95012
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-42224
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
CPE2.3http://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee
http://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618
http://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5
http://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114
http://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89
http://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d
http://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4
http://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.