Vulnerability identifier: #VU90879
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65
https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777
https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77
https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285
https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44
https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736
https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d
https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.