#VU96209 Input validation error in Linux kernel


Published: 2024-08-19

Vulnerability identifier: #VU96209

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-42312

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the proc_sys_make_inode() function in fs/proc/proc_sysctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/1deae34db9f4f8e0e03f891be2e2e15c15c8ac05
http://git.kernel.org/stable/c/ffde3af4b29bf97d62d82e1d45275587e10a991a
http://git.kernel.org/stable/c/c7e2f43d182f5dde473389dbb39f16c9f0d64536
http://git.kernel.org/stable/c/98ca62ba9e2be5863c7d069f84f7166b45a5b2f4

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 20.03 LTS SP4 update for kernel
openEuler 22.03 LTS SP3 update for kernel
openEuler 22.03 LTS SP4 update for kernel