#VU94120 Input validation error in Linux kernel - CVE-2024-38615

Vulnerability identifier: #VU94120

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38615

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cpufreq_offline() and cpufreq_remove_dev() functions in drivers/cpufreq/cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/2d730b465e377396d2a09a53524b96b111f7ccb6
https://git.kernel.org/stable/c/dfc56ff5ec9904c008e9376d90a6d7e2d2bec4d3
https://git.kernel.org/stable/c/35db5e76d5e9f752476df5fa0b9018a2398b0378
https://git.kernel.org/stable/c/8bc9546805e572ad101681437a49939f28777273
https://git.kernel.org/stable/c/3e99f060cfd2e36504d62c9132b453ade5027e1c
https://git.kernel.org/stable/c/ae37ebca325097d773d7bb6ec069123b30772872
https://git.kernel.org/stable/c/a8204d1b6ff762d2171d365c2c8560285d0a233d
https://git.kernel.org/stable/c/b8f85833c05730d631576008daaa34096bc7f3ce

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.