Vulnerability identifier: #VU90872
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource in the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can exploit this to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.