SB20241022333 - Input validation error in Linux kernel stmicro stmmac driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022333
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2024-49977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tc_setup_cbs() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/e33fe25b1efe4f2e6a5858786dbc82ae4c44ed4c
- https://git.kernel.org/stable/c/b0da9504a528f05f97d926b4db74ff21917a33e9
- https://git.kernel.org/stable/c/5d43e1ad4567d67af2b42d3ab7c14152ffed25c6
- https://git.kernel.org/stable/c/03582f4752427f60817d896f1a827aff772bd31e
- https://git.kernel.org/stable/c/e297a2bf56d12fd7f91a0c209eb6ea84361f3368
- https://git.kernel.org/stable/c/837d9df9c0792902710149d1a5e0991520af0f93
- https://git.kernel.org/stable/c/675faf5a14c14a2be0b870db30a70764df81e2df
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.55