Vulnerability identifier: #VU94318
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-40963
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the bcm6358_quirks() function in arch/mips/bmips/setup.c. A local user can exploit it to cause a denial of service (DoS) condition.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/10afe5f7d30f6fe50c2b1177549d0e04921fc373
https://git.kernel.org/stable/c/36d771ce6028b886e18a4a8956a5d23688e4e13d
https://git.kernel.org/stable/c/89167072fd249e5f23ae2f8093f87da5925cef27
https://git.kernel.org/stable/c/6c0f6ccd939166f56a904c792d7fcadae43b9085
https://git.kernel.org/stable/c/2cd4854ef14a487bcfb76c7980675980cad27b52
https://git.kernel.org/stable/c/da895fd6da438af8d9326b8f02d715a9c76c3b5b
https://git.kernel.org/stable/c/ce5cdd3b05216b704a704f466fb4c2dff3778caf
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.