Input validation error in Linux kernel squashfs



Published: 2024-09-18
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-46744
CWE-ID: CWE-20
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Input validation error

EUVDB-ID: #VU97540

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46744

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the squashfs_read_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90
http://git.kernel.org/stable/c/1b9451ba6f21478a75288ea3e3fca4be35e2a438
http://git.kernel.org/stable/c/5c8906de98d0d7ad42ff3edf2cb6cd7e0ea658c4
http://git.kernel.org/stable/c/087f25b2d36adae19951114ffcbb7106ed405ebb
http://git.kernel.org/stable/c/fac5e82ab1334fc8ed6ff7183702df634bd1d93d
http://git.kernel.org/stable/c/c3af7e460a526007e4bed1ce3623274a1a6afe5e
http://git.kernel.org/stable/c/ef4e249971eb77ec33d74c5c3de1e2576faf6c90
http://git.kernel.org/stable/c/810ee43d9cd245d138a2733d87a24858a23f577d


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


