#VU100747 Input validation error in Linux kernel - CVE-2024-53043


Vulnerability identifier: #VU100747

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53043

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mctp_i2c_header_create() function in drivers/net/mctp/mctp-i2c.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/4707893315802a0917231b94cb20cbe50ccbfe03
http://git.kernel.org/stable/c/8e886e44397ba89f6e8da8471386112b4f5b67b7
http://git.kernel.org/stable/c/8c222adadc1612e4f097688875962a28e3f5ab44
http://git.kernel.org/stable/c/01e215975fd80af81b5b79f009d49ddd35976c13

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-oem-6.11
Ubuntu update for linux-aws
Ubuntu update for linux
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 24.03 LTS update for kernel
Debian update for linux
Input validation error in Linux kernel net mctp driver