#VU102277 Input validation error in Linux kernel - CVE-2024-56679
Vulnerability identifier: #VU102277
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the otx2_get_max_mtu() function in drivers/net/ethernet/marvell/octeontx2/nic/otx2_common.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3
https://git.kernel.org/stable/c/4b88b202cf1ae79159a94fff9500f9be31559235
https://git.kernel.org/stable/c/52c63a6a27d3178fab533fcfb4baa2ed5b8608a3
https://git.kernel.org/stable/c/785c6758ea32aca73ba9331f7d902f7ce9a25757
https://git.kernel.org/stable/c/9265b6ee754226f61bd122ec57141a781d4e0dcb
https://git.kernel.org/stable/c/d4d5139d280f5837f16d116614c05c2b4eeaf28f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
