#VU95076 Incorrect calculation in Linux kernel - CVE-2024-42068
Vulnerability identifier: #VU95076
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the jit_subprogs() function in kernel/bpf/verifier.c, within the bpf_prog_select_runtime() function in kernel/bpf/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03
https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720
https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d
https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89
https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a
https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
