#VU102266 Input validation error in Linux kernel - CVE-2024-56720


Vulnerability identifier: #VU102266

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56720

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sk_msg_shift_left() and BPF_CALL_4() functions in net/core/filter.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/275a9f3ef8fabb0cb282a62b9e164dedba7284c5
https://git.kernel.org/stable/c/5d609ba262475db450ba69b8e8a557bd768ac07a
https://git.kernel.org/stable/c/785180bed9879680d8e5c5e1b54c8ae8d948f4c8
https://git.kernel.org/stable/c/98c7ea7d11f2588e8197db042e0291e4ac8f8346
https://git.kernel.org/stable/c/d26d977633d1d0b8bf9407278189bd0a8d973323
https://git.kernel.org/stable/c/d3f5763b3062514a234114e97bbde74d8d702449
https://git.kernel.org/stable/c/e1f54c61c4c9a5244eb8159dce60d248f7d97b32
https://git.kernel.org/stable/c/f58d3aa457e77a3d9b3df2ab081dcf9950f6029f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

