#VU93775 Resource management error in Linux kernel
Vulnerability identifier: #VU93775
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d
http://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366
http://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7
http://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c
http://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef
http://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418
http://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135
http://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
