#VU102273 Input validation error in Linux kernel - CVE-2024-56754


Vulnerability identifier: #VU102273

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56754

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the caam_qi_init() function in drivers/crypto/caam/qi.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/1f8e2f597b918ca5827a5c6d00b819d064264d1c
https://git.kernel.org/stable/c/6187727e57aec122c8a99c464c74578c810cbe40
https://git.kernel.org/stable/c/66eddb8dcb61065c53098510165f14b54232bcc2
https://git.kernel.org/stable/c/84a185aea7b83f620699de0ea36907d588d89cf6
https://git.kernel.org/stable/c/ad39df0898d3f469776c19d99229be055cc2dcea
https://git.kernel.org/stable/c/ad980b04f51f7fb503530bd1cb328ba5e75a250e
https://git.kernel.org/stable/c/cc386170b3312fd7b5bc4a69a9f52d7f50814526


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

