#VU99083 Use of uninitialized resource in Linux kernel - CVE-2024-50035
Published: October 22, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU99083
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-50035
CWE-ID: CWE-908
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ppp_async_encode() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/30d91a478d58cbae3dbaa8224d17d0d839f0d71b
- https://git.kernel.org/stable/c/fadf8fdb3110d3138e05c3765f645535434f8d76
- https://git.kernel.org/stable/c/ce249a4c68d0ce27a8c5d853338d502e2711a314
- https://git.kernel.org/stable/c/8fe992ff3df493d1949922ca234419f3ede08dff
- https://git.kernel.org/stable/c/c007a14797240607038bd3464501109f408940e2
- https://git.kernel.org/stable/c/40dddd4b8bd08a69471efd96107a4e1c73fabefc
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.323
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.57