Vulnerability identifier: #VU94117
Vulnerability risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local network
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing ICMPv6 packets within the parse_icmpv6() function in net/openvswitch/flow.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/6a51ac92bf35d34b4996d6eb67e2fe469f573b11
http://git.kernel.org/stable/c/0b532f59437f688563e9c58bdc1436fefa46e3b5
http://git.kernel.org/stable/c/5ab6aecbede080b44b8e34720ab72050bf1e6982
http://git.kernel.org/stable/c/483eb70f441e2df66ade78aa7217e6e4caadfef3
http://git.kernel.org/stable/c/9ec8b0ccadb908d92f7ee211a4eff05fd932f3f6
http://git.kernel.org/stable/c/78741b4caae1e880368cb2f5110635f3ce45ecfd
http://git.kernel.org/stable/c/431e9215576d7b728f3f53a704d237a520092120
http://git.kernel.org/stable/c/d73fb8bddf89503c9fae7c42e50d44c89909aad6
http://git.kernel.org/stable/c/7c988176b6c16c516474f6fceebe0f055af5eb56
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.