#VU97833 Incorrect calculation in Linux kernel - CVE-2024-46844
Vulnerability identifier: #VU97833
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-682
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the setup_one_line() function in arch/um/drivers/line.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5
https://git.kernel.org/stable/c/96301fdc2d533a196197c055af875fe33d47ef84
https://git.kernel.org/stable/c/c8944d449fda9f58c03bd99649b2df09948fc874
https://git.kernel.org/stable/c/43f782c27907f306c664b6614fd6f264ac32cce6
https://git.kernel.org/stable/c/289979d64573f43df1d0e6bc6435de63a0d69cdf
https://git.kernel.org/stable/c/ec5b47a370177d79ae7773858042c107e21f8ecc
https://git.kernel.org/stable/c/fc843d3837ebcb1c16d3768ef3eb55e25d5331f2
https://git.kernel.org/stable/c/824ac4a5edd3f7494ab1996826c4f47f8ef0f63d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
