#VU93172 Input validation error in Linux kernel - CVE-2024-34777

Cybersecurity Help s.r.o.

Published: 2024-06-24

Vulnerability identifier: #VU93172

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-34777

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the map_benchmark_ioctl() function in kernel/dma/map_benchmark.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
http://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936
http://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570
http://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b
http://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87
http://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure-fde-5.15

Ubuntu update for linux-hwe-6.8

Ubuntu update for linux-raspi

Ubuntu update for linux-lowlatency

Ubuntu update for linux-ibm-5.15

Ubuntu update for linux-xilinx-zynqmp

Ubuntu update for linux-nvidia-6.8

Ubuntu update for linux-azure

Ubuntu update for linux-lowlatency-hwe-6.8

Ubuntu update for linux