#VU94117 Input validation error in Linux kernel - CVE-2024-38558
Published: July 11, 2024
Vulnerability identifier: #VU94117
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-38558
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- https://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11
- https://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5
- https://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982
- https://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3
- https://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6
- https://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd
- https://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120
- https://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6
- https://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html