#VU99083 Use of uninitialized resource in Linux kernel - CVE-2024-50035


Vulnerability identifier: #VU99083

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50035

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/30d91a478d58cbae3dbaa8224d17d0d839f0d71b
https://git.kernel.org/stable/c/fadf8fdb3110d3138e05c3765f645535434f8d76
https://git.kernel.org/stable/c/ce249a4c68d0ce27a8c5d853338d502e2711a314
https://git.kernel.org/stable/c/8fe992ff3df493d1949922ca234419f3ede08dff
https://git.kernel.org/stable/c/c007a14797240607038bd3464501109f408940e2
https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

