#VU102990 Input validation error in Linux kernel - CVE-2024-57791

Vulnerability identifier: #VU102990

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57791

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the smc_clc_wait_msg() function in net/smc/smc_clc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/6b80924af6216277892d5f091f5bfc7d1265fa28
https://git.kernel.org/stable/c/7a6927814b4256d603e202ae7c5e38db3b338896
https://git.kernel.org/stable/c/82c7ad9ca09975aae737abffd66d1ad98874c13d
https://git.kernel.org/stable/c/c5b8ee5022a19464783058dc6042e8eefa34e8cd
https://git.kernel.org/stable/c/d7d1f986ebb284b1db8dafca7d1bdb6dd2445cf6
https://git.kernel.org/stable/c/df3dfe1a93c6298d8c09a18e4fba19ef5b17763b

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.