#VU93839 Resource management error in Linux kernel


Published: 2024-07-07

Vulnerability identifier: #VU93839

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35944

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
http://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
http://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
http://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
http://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
http://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
http://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
http://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability