#VU92370 Input validation error in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92370

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can exploit it to cause a denial of service (DoS).

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/eb0f2fc3ff5806cc572cd9055ce7c52a01e97645
http://git.kernel.org/stable/c/ac3ed46a8741d464bc70ebdf7433c1d786cf329d
http://git.kernel.org/stable/c/8650725bb0a48b206d5a8ddad3a7488f9a5985b7
http://git.kernel.org/stable/c/6a9892bf24c906b4d6b587f8759ca38bff672582
http://git.kernel.org/stable/c/265c3cda471c26e0f25d0c755da94e1eb15d7a0c
http://git.kernel.org/stable/c/62eb07923f3693d55b0c2d9a5a4f1ad72cb6b8fd
http://git.kernel.org/stable/c/03ddc74bdfd71b84a55c9f2185d8787f258422cd
http://git.kernel.org/stable/c/0fa08a55201ab9be72bacb8ea93cf752d338184f
http://git.kernel.org/stable/c/b6dd09b3dac89b45d1ea3e3bd035a3859c0369a0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

