#VU103592 Improper error handling in Linux kernel - CVE-2024-57948
Vulnerability identifier: #VU103592
Vulnerability risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:U/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the ieee802154_if_remove() function in net/mac802154/iface.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/0d11dc30edfc4acef0acef130bb5ca596317190a
https://git.kernel.org/stable/c/2e41e98c4e79edae338f2662dbdf74ac2245d183
https://git.kernel.org/stable/c/41e4ca8acba39f1cecff2dfdf14ace4ee52c4272
https://git.kernel.org/stable/c/80aee0bc0dbe253b6692d33e64455dc742fc52f1
https://git.kernel.org/stable/c/98ea165a2ac240345c48b57c0a3d08bbcad02929
https://git.kernel.org/stable/c/b856d2c1384bc5a7456262afd21aa439ee5cdf6e
https://git.kernel.org/stable/c/eb09fbeb48709fe66c0d708aed81e910a577a30a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
