#VU90858 Input validation error in Linux kernel - CVE-2024-26675


Vulnerability identifier: #VU90858

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26675

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982
https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b
https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3
https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16
https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719
https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

