#VU100154 Input validation error in Linux kernel - CVE-2024-50179
Vulnerability identifier: #VU100154
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ceph_set_page_dirty() function in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89
http://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9
http://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb
http://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6
http://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb
http://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb
http://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
