#VU91412 Infinite loop in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91412

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35997

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can trigger the loop and cause a denial of service (DoS) condition.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401
http://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003
http://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22
http://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8
http://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1
http://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722
http://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497
http://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

