#VU93838 Resource management error in Linux kernel


Published: 2024-07-07

Vulnerability identifier: #VU93838

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36006

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mlxsw_sp_acl_tcam_vchunk_migrate_one() and mlxsw_sp_acl_tcam_vchunk_migrate_all() functions in drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/0b2c13b670b168e324e1cf109e67056a20fd610a
http://git.kernel.org/stable/c/09846c2309b150b8ce4e0ce96f058197598fc530
http://git.kernel.org/stable/c/64435b64e43d8ee60faa46c0cd04e323e8b2a7b0
http://git.kernel.org/stable/c/4526a56e02da3725db979358964df9cd9c567154
http://git.kernel.org/stable/c/ab4ecfb627338e440ae11def004c524a00d93e40
http://git.kernel.org/stable/c/af8b593c3dd9df82cb199be65863af004b09fd97
http://git.kernel.org/stable/c/b377add0f0117409c418ddd6504bd682ebe0bf79
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

