#VU100194 Use of uninitialized resource in Linux kernel - CVE-2024-50237


Vulnerability identifier: #VU100194

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/b0b862aa3dbcd16b3c4715259a825f48ca540088
https://git.kernel.org/stable/c/78b698fbf37208ee921ee4cedea75b5d33d6ea9f
https://git.kernel.org/stable/c/c21efba8b5a86537ccdf43f77536bad02f82776c
https://git.kernel.org/stable/c/b2bcbe5450b20641f512d6b26c6b256a5a4f847f
https://git.kernel.org/stable/c/8f6cd4d5bb7406656835a90e4f1a2192607f0c21
https://git.kernel.org/stable/c/ee35c423042c9e04079fdee3db545135d609d6ea
https://git.kernel.org/stable/c/3ccf525a73d48e814634847f6d4a6150c6f0dffc
https://git.kernel.org/stable/c/393b6bc174b0dd21bb2a36c13b36e62fc3474a23


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

