#VU94125 Input validation error in Linux kernel - CVE-2024-35988
Vulnerability identifier: #VU94125
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/riscv/include/asm/pgtable.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/04bf2e5f95c1a52e28a7567a507f926efe31c3b6
https://git.kernel.org/stable/c/52e8a42b11078d2aad4b9ba96503d77c7299168b
https://git.kernel.org/stable/c/4201b8c8f2c32af321fb50867e68ac6c1cbed4be
https://git.kernel.org/stable/c/a0f0dbbb1bc49fa0de18e92c36492ff6d804cdaa
https://git.kernel.org/stable/c/efdcfa554b6eb228943ef1dd4d023c606be647d2
https://git.kernel.org/stable/c/6065e736f82c817c9a597a31ee67f0ce4628e948
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
