#VU91411 Infinite loop in Linux kernel - CVE-2024-35982


Vulnerability identifier: #VU91411

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35982

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924
https://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6
https://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d
https://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f
https://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259
https://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2
https://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0
https://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability