#VU95075 Incorrect calculation in Linux kernel - CVE-2024-42130


Vulnerability identifier: #VU95075

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42130

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the virtual_ncidev_write() function in drivers/nfc/virtual_ncidev.c. A local user can exploit it to cause a denial of service (DoS) condition.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f
https://git.kernel.org/stable/c/41f5e2840cd0629f049ce5ce2f8dd10a8299de42
https://git.kernel.org/stable/c/056478b4321b36ca33567089d39ac992f6c9c37a
https://git.kernel.org/stable/c/22a72c1c10f43ca645a98725e0faff34592f4d08
https://git.kernel.org/stable/c/068648aab72c9ba7b0597354ef4d81ffaac7b979


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

