#VU102201 Improper error handling in Linux kernel - CVE-2024-56659


Vulnerability identifier: #VU102201

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56659

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the include/net/lapb.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/03e661b5e7aa1124f24054df9ab2ee5cb2178973
https://git.kernel.org/stable/c/2b351355bbd50ae25d096785b6eb31998d2bf765
https://git.kernel.org/stable/c/3aa2ef7ffd0451e8f81c249d2a2a68283c6bc700
https://git.kernel.org/stable/c/76d856f03d0290cf5392364ecdf74c15ee16b8fd
https://git.kernel.org/stable/c/a6d75ecee2bf828ac6a1b52724aba0a977e4eaf4
https://git.kernel.org/stable/c/c21c7c1c00bcc60cf752ec491bdfd47693f4d3c7
https://git.kernel.org/stable/c/f0949199651bc87c5ed2c12a7323f441f1af6fe9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-iot
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux-raspi
Ubuntu update for linux-aws
Ubuntu update for linux-aws-fips
Ubuntu update for linux-aws-5.4
Ubuntu update for linux
Ubuntu update for linux-azure
Ubuntu update for linux-fips
Ubuntu update for linux-azure-fips