#VU95108 Input validation error in Linux kernel - CVE-2024-41044
Vulnerability identifier: #VU95108
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_read() and ppp_write() functions in drivers/net/ppp/ppp_generic.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/97d1efd8be26615ff680cdde86937d5943138f37
https://git.kernel.org/stable/c/6e8f1c21174f9482033bbb59f13ce1a8cbe843c3
https://git.kernel.org/stable/c/3ba12c2afd933fc1bf800f6d3f6c7ec8f602ce56
https://git.kernel.org/stable/c/ebc5c630457783d17d0c438b0ad70b232a64a82f
https://git.kernel.org/stable/c/3134bdf7356ed952dcecb480861d2afcc1e40492
https://git.kernel.org/stable/c/099502ca410922b56353ccef2749bc0de669da78
https://git.kernel.org/stable/c/d683e7f3fc48f59576af34631b4fb07fd931343e
https://git.kernel.org/stable/c/f2aeb7306a898e1cbd03963d376f4b6656ca2b55
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
