#VU95090 Input validation error in Linux kernel - CVE-2024-42157

Vulnerability identifier: #VU95090

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42157

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the pkey_unlocked_ioctl() function in drivers/s390/crypto/pkey_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02
https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250
https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad
https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581
https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0
https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487
https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575
https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.