#VU102954 Improper error handling in Linux kernel - CVE-2024-57901


Vulnerability identifier: #VU102954

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57901

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the vlan_get_tci() function in net/packet/af_packet.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0d3fa6c3c9ca7aa255696150f5b759ac4a4974e1
https://git.kernel.org/stable/c/560cbdd26b510626f3f4f27d34c44dfd3dd3499d
https://git.kernel.org/stable/c/5d336714db324bef84490c75dcc48b387ef0346e
https://git.kernel.org/stable/c/a693b87692b4d7c50f4fc08a996678d60534a9da
https://git.kernel.org/stable/c/cd8488fdc7116f6da277515647b167859d4f72b1
https://git.kernel.org/stable/c/de4f8d477c67ec1d7c28f3486c3e47d147d90a01
https://git.kernel.org/stable/c/f91a5b8089389eb408501af2762f168c3aaa7b79


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

