#VU95067 Resource management error in Linux kernel - CVE-2024-41097


Vulnerability identifier: #VU95067

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-41097

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cxacru_bind() function in drivers/usb/atm/cxacru.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a
https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47
https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506
https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a
https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727
https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4
https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781
https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

