#VU95031 Use of uninitialized resource in Linux kernel - CVE-2024-42076
Vulnerability identifier: #VU95031
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf
https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4
https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f
https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b
https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f
https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298
https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
