#VU97815 Improper error handling in Linux kernel - CVE-2024-46846

Cybersecurity Help s.r.o.

Published: 2024-09-30

Vulnerability identifier: #VU97815

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46846

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the rockchip_spi_suspend() and rockchip_spi_resume() functions in drivers/spi/spi-rockchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/14f970a8d03d882b15b97beb83bd84ac8ba6298c
https://git.kernel.org/stable/c/d034bff62faea1a2219e0d2f3d17263265f24087
https://git.kernel.org/stable/c/0efbad8445fbba7896402500a1473450a299a08a
https://git.kernel.org/stable/c/be721b451affbecc4ba4eaac3b71cdbdcade1b1b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components

Dell SmartFabric Manager update for third-party components

Multiple vulnerabilities in IBM Security Guardium

Ubuntu update for linux-azure

Ubuntu update for linux-hwe-6.8

SUSE update for the Linux Kernel

Ubuntu update for linux

Ubuntu update for linux-nvidia

Ubuntu update for linux-gkeop