#VU102490 Resource management error in Linux kernel - CVE-2024-56770

Vulnerability identifier: #VU102490

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56770

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tfifo_reset(), tfifo_enqueue(), netem_enqueue() and netem_dequeue() functions in net/sched/sch_netem.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/10df49cfca73dfbbdb6c4150d859f7e8926ae427
https://git.kernel.org/stable/c/216509dda290f6db92c816dd54b83c1df9da9e76
https://git.kernel.org/stable/c/356078a5c55ec8d2061fcc009fb8599f5b0527f9
https://git.kernel.org/stable/c/3824c5fad18eeb7abe0c4fc966f29959552dca3e
https://git.kernel.org/stable/c/83c6ab12f08dcc09d4c5ac86fdb89736b28f1d31
https://git.kernel.org/stable/c/c2047b0e216c8edce227d7c42f99ac2877dad0e4
https://git.kernel.org/stable/c/f8d4bc455047cf3903cd6f85f49978987dbb3027

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.