#VU95012 Improper error handling in Linux kernel - CVE-2024-42224


Vulnerability identifier: #VU95012

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42224

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mv88e6xxx_default_mdio_bus() function in drivers/net/dsa/mv88e6xxx/chip.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee
https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618
https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5
https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114
https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89
https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d
https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4
https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43b0ba19b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

