#VU95099 Input validation error in Linux kernel - CVE-2024-42120
Vulnerability identifier: #VU95099
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_vblank_set() function in drivers/gpu/drm/amd/display/dc/irq/dce110/irq_service_dce110.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6
https://git.kernel.org/stable/c/0b3702f9d43d163fd05e43b7d7e22e766dbef329
https://git.kernel.org/stable/c/d2c3645a4a5ae5d933b4116c305d9d82b8199dbf
https://git.kernel.org/stable/c/96bf81cc1bd058bb8af6e755a548e926e934dfd1
https://git.kernel.org/stable/c/c5ec2afeeee4c91cebc4eff6d4f1ecf4047259f4
https://git.kernel.org/stable/c/5396a70e8cf462ec5ccf2dc8de103c79de9489e6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
