Vulnerability identifier: #VU93772
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3
http://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af
http://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be
http://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376
http://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069
http://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95
http://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec
http://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.