#VU100728 Input validation error in Linux kernel - CVE-2024-53059


Vulnerability identifier: #VU100728

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53059

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the iwl_mvm_disconnect_iterator() and iwl_mvm_send_recovery_cmd() functions in drivers/net/wireless/intel/iwlwifi/mvm/fw.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/9c98ee7ea463a838235e7a0e35851b38476364f2
https://git.kernel.org/stable/c/45a628911d3c68e024eed337054a0452b064f450
https://git.kernel.org/stable/c/3f45d590ccbae6dfd6faef54efe74c30bd85d3da
https://git.kernel.org/stable/c/64d63557ded6ff3ce72b18ab87a6c4b1b652161c
https://git.kernel.org/stable/c/3eb986c64c6bfb721950f9666a3b723cf65d043f
https://git.kernel.org/stable/c/9480c3045f302f43f9910d2d556d6cf5a62c1822
https://git.kernel.org/stable/c/07a6e3b78a65f4b2796a8d0d4adb1a15a81edead


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

