#VU93613 Incorrect calculation in Linux kernel - CVE-2024-35900
Vulnerability identifier: #VU93613
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/41bad13c0e8a5a2b47a7472cced922555372daab
https://git.kernel.org/stable/c/7b6fba6918714afee3e17796113ccab636255c7b
https://git.kernel.org/stable/c/8ba81dca416adf82fc5a2a23abc1a8cc02ad32fb
https://git.kernel.org/stable/c/745cf6a843896cdac8766c74379300ed73c78830
https://git.kernel.org/stable/c/420132bee3d0136b7fba253a597b098fe15493a7
https://git.kernel.org/stable/c/e95bb4cba94c018be24b11f017d1c55dd6cda31a
https://git.kernel.org/stable/c/994209ddf4f430946f6247616b2e33d179243769
https://git.kernel.org/stable/c/6d12f21f8bbe23fde25b77c2bf5973c136b8bef8
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
