#VU102401 Improper error handling in Linux kernel - CVE-2024-56769
Vulnerability identifier: #VU102401
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56769
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the MODULE_PARM_DESC() function in drivers/media/dvb-frontends/dib3000mb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4, 6.12.5, 6.12.6, 6.12.7
External links
https://git.kernel.org/stable/c/1d6de21f00293d819b5ca6dbe75ff1f3b6392140
https://git.kernel.org/stable/c/2dd59fe0e19e1ab955259978082b62e5751924c7
https://git.kernel.org/stable/c/3876e3a1c31a58a352c6bf5d2a90e3304445a637
https://git.kernel.org/stable/c/c1197c1457bb7098cf46366e898eb52b41b6876a
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
