#VU89392 Incorrect calculation in Linux kernel


Published: 2024-05-13

Vulnerability identifier: #VU89392

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26752

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae
http://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5
http://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243
http://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d
http://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500
http://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56
http://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6
http://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for kernel
openEuler 20.03 LTS SP1 update for kernel
openEuler 22.03 LTS SP2 update for kernel
openEuler 22.03 LTS SP1 update for kernel
openEuler 22.03 LTS update for kernel
Denial of service in Linux kernel l2tp