#VU92003 Use of uninitialized resource in Linux kernel - CVE-2024-27431

Vulnerability identifier: #VU92003

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27431

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the cpu_map_bpf_prog_run_xdp() function in kernel/bpf/cpumap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297
https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b
https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95
https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a
https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6
https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.