#VU99041 Input validation error in Linux kernel - CVE-2024-49938
Vulnerability identifier: #VU99041
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ath9k_hif_usb_rx_cb() and ath9k_hif_usb_reg_in_cb() functions in drivers/net/wireless/ath/ath9k/hif_usb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/b02eb7c86ff2ef1411c3095ec8a52b13f68db04f
https://git.kernel.org/stable/c/012ae530afa0785102360de452745d33c99a321b
https://git.kernel.org/stable/c/6a875220670475d9247e576c15dc29823100a4e4
https://git.kernel.org/stable/c/e37e348835032d6940ec89308cc8996ded691d2d
https://git.kernel.org/stable/c/2c230210ec0ae6ed08306ac70dc21c24b817bb95
https://git.kernel.org/stable/c/a9f4e28e8adaf0715bd4e01462af0a52ee46b01f
https://git.kernel.org/stable/c/94745807f3ebd379f23865e6dab196f220664179
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
