#VU90859 Input validation error in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90859

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26636

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the llc_ui_sendmsg() function in net/llc/af_llc.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b
http://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d
http://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c
http://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249
http://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4
http://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b
http://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb
http://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

