#VU102229 Resource management error in Linux kernel - CVE-2024-56576
Vulnerability identifier: #VU102229
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/13193a97ddd5a6a5b11408ddbc1ae85588b1860c
https://git.kernel.org/stable/c/1def915b1564f4375330bd113ea1d768a569cfd8
https://git.kernel.org/stable/c/34a3466a92f50c51d984f0ec2e96864886d460eb
https://git.kernel.org/stable/c/5c9ab34c87af718bdbf9faa2b1a6ba41d15380ea
https://git.kernel.org/stable/c/815d14147068347e88c258233eb951b41b2792a6
https://git.kernel.org/stable/c/869f38ae07f7df829da4951c3d1f7a2be09c2e9a
https://git.kernel.org/stable/c/b59ab89bc83f7bff67f78c6caf484a84a6dd30f7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
