#VU96889 Input validation error in Linux kernel - CVE-2024-44948


Vulnerability identifier: #VU96889

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44948

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mtrr_save_state() function in arch/x86/kernel/cpu/mtrr/mtrr.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/34f36e6ee5bd7eff8b2adcd9fcaef369f752d82e
https://git.kernel.org/stable/c/06c1de44d378ec5439db17bf476507d68589bfe9
https://git.kernel.org/stable/c/450b6b22acdaac67a18eaf5ed498421ffcf10051
https://git.kernel.org/stable/c/ca7d00c5656d1791e28369919e3e10febe9c3b16
https://git.kernel.org/stable/c/8aa79dfb216b865e96ff890bc4ea71650f9bc8d7
https://git.kernel.org/stable/c/8a90d3fc7c24608548d3a750671f9dac21d1a462
https://git.kernel.org/stable/c/388f1c954019f253a8383f7eb733f38d541e10b6
https://git.kernel.org/stable/c/919f18f961c03d6694aa726c514184f2311a4614


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

