Improper error handling in Linux kernel dsa mv88e6xxx driver



Published: 2024-07-31
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-42224
CWE-ID: CWE-388
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper error handling

EUVDB-ID: #VU95012

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42224

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee
http://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618
http://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5
http://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114
http://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89
http://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d
http://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4
http://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


