#VU94121 Input validation error in Linux kernel - CVE-2024-36031

Vulnerability identifier: #VU94121

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36031

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a
https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be
https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d
https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7
https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41
https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a
https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252
https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.