#VU93613 Incorrect calculation in Linux kernel


Published: 2024-07-02

Vulnerability identifier: #VU93613

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab
http://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b
http://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb
http://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830
http://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7
http://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a
http://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769
http://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability