#VU97546 Improper error handling in Linux kernel - CVE-2024-46783


Vulnerability identifier: #VU97546

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46783

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the sk_stream_error() function in net/ipv4/tcp_bpf.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/6f9fdf5806cced888c43512bccbdf7fefd50f510
https://git.kernel.org/stable/c/3efe53eb221a38e207c1e3f81c51e4ca057d50c2
https://git.kernel.org/stable/c/78bb38d9c5a311c5f8bdef7c9557d7d81ca30e4a
https://git.kernel.org/stable/c/810a4e7d92dea4074cb04c25758320909d752193
https://git.kernel.org/stable/c/c8219a27fa43a2cbf99f5176f6dddfe73e7a24ae
https://git.kernel.org/stable/c/126d72b726c4cf1119f3a7fe413a78d341c3fea9
https://git.kernel.org/stable/c/fe1910f9337bd46a9343967b547ccab26b4b2c6e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability is exploitable locally: the attacker needs valid authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

