#VU93269 Resource management error in Linux kernel


Published: 2024-06-25

Vulnerability identifier: #VU93269

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35897

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/9a3b90904d8a072287480eed4c3ece4b99d64f78
http://git.kernel.org/stable/c/b58d0ac35f6d75ec1db8650a29dfd6f292c11362
http://git.kernel.org/stable/c/6cbbe1ba76ee7e674a86abd43009b083a45838cb
http://git.kernel.org/stable/c/2aeb805a1bcd5f27c8c0d1a9d4d653f16d1506f4
http://git.kernel.org/stable/c/9627fd0c6ea1c446741a33e67bc5709c59923827
http://git.kernel.org/stable/c/7f609f630951b624348373cef99991ce08831927
http://git.kernel.org/stable/c/1bc83a019bbe268be3526406245ec28c2458a518
http://git.kernel.org/stable/c/e75faf01e22ec7dc671640fa0e0968964fafd2fc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability