Vulnerability identifier: #VU97786
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-46828
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the net/sched/sch_cake.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/4a4eeefa514db570be025ab46d779af180e2c9bb
https://git.kernel.org/stable/c/7725152b54d295b7da5e34c2f419539b30d017bd
https://git.kernel.org/stable/c/cde71a5677971f4f1b69b25e854891dbe78066a4
https://git.kernel.org/stable/c/549e407569e08459d16122341d332cb508024094
https://git.kernel.org/stable/c/d4a9039a7b3d8005b90c7b1a55a306444f0e5447
https://git.kernel.org/stable/c/d7c01c0714c04431b5e18cf17a9ea68a553d1c3c
https://git.kernel.org/stable/c/546ea84d07e3e324644025e2aae2d12ea4c5896e
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.