#VU100194 Use of uninitialized resource in Linux kernel


Vulnerability identifier: #VU100194

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-50237

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ieee80211_get_tx_power() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/b0b862aa3dbcd16b3c4715259a825f48ca540088
http://git.kernel.org/stable/c/78b698fbf37208ee921ee4cedea75b5d33d6ea9f
http://git.kernel.org/stable/c/c21efba8b5a86537ccdf43f77536bad02f82776c
http://git.kernel.org/stable/c/b2bcbe5450b20641f512d6b26c6b256a5a4f847f
http://git.kernel.org/stable/c/8f6cd4d5bb7406656835a90e4f1a2192607f0c21
http://git.kernel.org/stable/c/ee35c423042c9e04079fdee3db545135d609d6ea
http://git.kernel.org/stable/c/3ccf525a73d48e814634847f6d4a6150c6f0dffc
http://git.kernel.org/stable/c/393b6bc174b0dd21bb2a36c13b36e62fc3474a23


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

