#VU93591 Resource management error in Linux kernel - CVE-2024-35830


Vulnerability identifier: #VU93591

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24
https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6
https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7
https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a
https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d
https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468
https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7a635496
https://git.kernel.org/stable/c/4f1490a5d7a0472ee5d9f36547bc4ba46be755c7
https://git.kernel.org/stable/c/87399f1ff92203d65f1febf5919429f4bb613a02
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

