#VU90877 Use of uninitialized resource in Linux kernel - CVE-2024-26863

Vulnerability identifier: #VU90877

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26863

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c
https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428
https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a
https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949
https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122
https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862
https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e
https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209
https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.