#VU102261 Input validation error in Linux kernel - CVE-2024-56690

Vulnerability identifier: #VU102261

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56690

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pcrypt_aead_encrypt() and pcrypt_aead_decrypt() functions in crypto/pcrypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a
https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2
https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f
https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732
https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca
https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2
https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a
https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6
https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.