#VU95101 Input validation error in Linux kernel - CVE-2024-42095

Vulnerability identifier: #VU95101

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-42095

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the uart_write() and omap8250_irq() functions in drivers/tty/serial/8250/8250_omap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de
https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b
https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0
https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b
https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e
https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.