#VU102279 Input validation error in Linux kernel - CVE-2024-56562

Cybersecurity Help s.r.o.

Published: 2024-12-30 | Updated: 2025-05-11

Vulnerability identifier: #VU102279

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56562

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the i3c_master_put_i3c_addrs() function in drivers/i3c/master.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.6.60, 6.6.61, 6.6.62, 6.6.63

External links
https://git.kernel.org/stable/c/093ecc6d82ff1d2e0cbf6f2000438b6c698145cb
https://git.kernel.org/stable/c/0cb21f1ea3a2e19ee314a8fcf95461b5c453c59e
https://git.kernel.org/stable/c/0e8ab955c6d06f9d907761c07c02d1492f0a8ac1
https://git.kernel.org/stable/c/3082990592f7c6d7510a9133afa46e31bbe26533
https://git.kernel.org/stable/c/991e33a99fd3b5d432f0629565f532f563fe019a
https://git.kernel.org/stable/c/c2f0ce241154b04f2fc150ff16ad82d9b8fdfa4a
https://git.kernel.org/stable/c/ce30d11b39e8d637fed4704a5b43e9d556990475
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.64

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-raspi-5.4

Ubuntu update for linux-raspi

Ubuntu update for linux-gcp-5.15

Ubuntu update for linux-azure-nvidia

Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components

Ubuntu update for linux-ibm-5.15

Ubuntu update for linux-ibm-5.4

Ubuntu update for linux-hwe-6.8

Ubuntu update for linux-intel-iotg-5.15

Ubuntu update for linux-realtime