#VU97269 Input validation error in Linux kernel - CVE-2024-46679
Vulnerability identifier: #VU97269
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the speed_show() function in net/core/net-sysfs.c, within the __ethtool_get_link_ksettings() function in net/core/ethtool.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62
https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e
https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc
https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4
https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb
https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2
https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088c7c8466
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
