#VU93838 Resource management error in Linux kernel - CVE-2024-36006


Vulnerability identifier: #VU93838

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36006

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a
https://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530
https://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0
https://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154
https://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40
https://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97
https://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

