#VU96542 Input validation error in Linux kernel


Published: 2024-08-26

Vulnerability identifier: #VU96542

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0
http://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2
http://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705
http://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666
http://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707
http://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600
http://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab
http://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

