#VU99062 Improper error handling in Linux kernel - CVE-2024-50040

Vulnerability identifier: #VU99062

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50040

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the igb_io_resume() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/d79af3af2f49c6aae9add3d492c04d60c1b85ce4
https://git.kernel.org/stable/c/0a94079e3841d00ea5abb05e3233d019a86745f6
https://git.kernel.org/stable/c/6a39c8f5c8aae74c5ab2ba466791f59ffaab0178
https://git.kernel.org/stable/c/57c5053eaa5f9a8a99e34732e37a86615318e464
https://git.kernel.org/stable/c/500be93c5d53b7e2c5314292012185f0207bad0c
https://git.kernel.org/stable/c/330a699ecbfc9c26ec92c6310686da1230b4e7eb

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.