#VU93351 Improper Initialization in Linux kernel


Published: 2024-06-26

Vulnerability identifier: #VU93351

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software: Linux kernel (Operating systems & Components / Operating system)

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
http://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
http://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
http://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
http://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
http://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
http://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
http://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

