Vulnerability identifier: #VU95101

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

---

External links
http://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de
http://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b
http://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0
http://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b
http://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e
http://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.