#VU96304 Resource management error in Linux kernel - CVE-2024-43879


Vulnerability identifier: #VU96304

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43879

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the cfg80211_calculate_bitrate_he() function in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/45d20a1c54be4f3173862c7b950d4468447814c9
https://git.kernel.org/stable/c/b289ebb0516526cb4abae081b7ec29fd4fa1209d
https://git.kernel.org/stable/c/2e201b3d162c6c49417c438ffb30b58c9f85769f
https://git.kernel.org/stable/c/576c64622649f3ec07e97bac8fec8b8a2ef4d086
https://git.kernel.org/stable/c/16ad67e73309db0c20cc2a651992bd01c05e6b27
https://git.kernel.org/stable/c/67b5f1054197e4f5553047759c15c1d67d4c8142
https://git.kernel.org/stable/c/19eaf4f2f5a981f55a265242ada2bf92b0c742dd
https://git.kernel.org/stable/c/bcbd771cd5d68c0c52567556097d75f9fc4e7cd6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

