#VU102190 Reachable assertion in Linux kernel - CVE-2024-56705


Vulnerability identifier: #VU102190

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56705

CWE-ID: CWE-617

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the ia_css_3a_statistics_allocate() function in drivers/staging/media/atomisp/pci/sh_css_params.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/02a97d9d7ff605fa4a1f908d1bd3ad8573234b61
https://git.kernel.org/stable/c/0c24b82bc4d12c6a58ceacbf2598cd4df63abf9a
https://git.kernel.org/stable/c/0c25ab93f2878cab07d37ca5afd302283201e5af
https://git.kernel.org/stable/c/4676e50444046b498555b849e6080a5c78cdda9b
https://git.kernel.org/stable/c/74aa783682c4d78c69d87898e40c78df1fec204e
https://git.kernel.org/stable/c/8066badaf7463194473fb4be19dbe50b11969aa0
https://git.kernel.org/stable/c/ed61c59139509f76d3592683c90dc3fdc6e23cd6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

