#VU97833 Incorrect calculation in Linux kernel


Published: 2024-09-30

Vulnerability identifier: #VU97833

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-46844

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5
http://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84
http://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874
http://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6
http://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf
http://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc
http://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2
http://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for linux
Incorrect calculation in Linux kernel um drivers