#VU96542 Input validation error in Linux kernel - CVE-2024-43914


Vulnerability identifier: #VU96542

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-43914

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the reshape_request() function in drivers/md/raid5.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0
https://git.kernel.org/stable/c/6b33c468d543f6a83de2d61f09fec74b27e19fd2
https://git.kernel.org/stable/c/c384dd4f1fb3b14a2fd199360701cc163ea88705
https://git.kernel.org/stable/c/bf0ff69a42a3d2d46876d0514ecf13dffc516666
https://git.kernel.org/stable/c/3b33740c1750a39e046339ff9240e954f0156707
https://git.kernel.org/stable/c/775a9ba16c9ffe98fe54ebf14e55d5660f2bf600
https://git.kernel.org/stable/c/4811d6e5d9f4090c3e0ff9890eb24077108046ab
https://git.kernel.org/stable/c/305a5170dc5cf3d395bb4c4e9239bca6d0b54b49


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
