#VU93281 Resource management error in Linux kernel


Published: 2024-06-25

Vulnerability identifier: #VU93281

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36004

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c
http://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd
http://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22
http://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f
http://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939
http://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0
http://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e
http://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP3 update for kernel
openEuler 20.03 LTS SP4 update for kernel
Resource management error in Linux kernel intel i40e driver