#VU94319 Input validation error in Linux kernel - CVE-2024-40968


Vulnerability identifier: #VU94319

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40968

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __cvmx_pcie_build_config_addr() function in arch/mips/pci/pcie-octeon.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419
https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee
https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a
https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799
https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62
https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0
https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9
https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and authenticate successfully on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

