#VU93836 Resource management error in Linux kernel


Published: 2024-07-07

Vulnerability identifier: #VU93836

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/79ddf5f2020fd593d50f1363bb5131283d74f78f
http://git.kernel.org/stable/c/68a5a00c5d38978a3f8460c6f182f7beec8688ff
http://git.kernel.org/stable/c/ee25389df80138907bc9dcdf4a2be2067cde9a81
http://git.kernel.org/stable/c/b4c24de37a6bb383394a6fef2b85a6db41d426f5
http://git.kernel.org/stable/c/34f7ebff1b9699e0b89fa58b693bc098c2f5ec72
http://git.kernel.org/stable/c/b33a81e4ecfb022b028cae37d1c1ce28ac1b359d
http://git.kernel.org/stable/c/beeed260b92af158592f5e8d2dab65dae45c6f70
http://git.kernel.org/stable/c/7bbf76c9bb2c58375e183074e44f9712483f0603
http://git.kernel.org/stable/c/e120b6388d7d88635d67dcae6483f39c37111850
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

