#VU99188 Incorrect calculation in Linux kernel - CVE-2024-47742

Vulnerability identifier: #VU99188

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47742

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the fw_abort_batch_reqs() and _request_firmware() functions in drivers/base/firmware_loader/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/c30558e6c5c9ad6c86459d9acce1520ceeab9ea6
https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4
https://git.kernel.org/stable/c/3d2411f4edcb649eaf232160db459bb4770b5251
https://git.kernel.org/stable/c/7420c1bf7fc784e587b87329cc6dfa3dca537aa4
https://git.kernel.org/stable/c/28f1cd94d3f1092728fb775a0fe26c5f1ac2ebeb
https://git.kernel.org/stable/c/6c4e13fdfcab34811c3143a0a03c05fec4e870ec
https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.