#VU88887 Input validation error in Linux kernel


Published: 2024-04-22

Vulnerability identifier: #VU88887

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26581

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor:

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A locla user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

External links
http://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb
http://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7
http://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9
http://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0
http://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8
http://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a
http://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 9 update for kernel
Amazon Linux AMI update for kernel
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.13
Red Hat Enterprise Linux 9 update for kernel-rt
Red Hat Enterprise Linux 9 update for kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
Debian update for linux
Debian update for linux