#VU93772 Resource management error in Linux kernel - CVE-2024-26835
Vulnerability identifier: #VU93772
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3
https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af
https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be
https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376
https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3deb9069
https://git.kernel.org/stable/c/6f2496366426cec18ba53f1c7f6c3ac307ca6a95
https://git.kernel.org/stable/c/bccebf64701735533c8db37773eeacc6566cc8ec
https://git.kernel.org/stable/c/a6411f3c48f991c19aaf9a24fce36865fbba28d7
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
