#VU99223 Input validation error in Linux kernel - CVE-2024-49967
Vulnerability identifier: #VU99223
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the do_split() function in fs/ext4/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/133ff0d78f1b160de011647bb65807195ca5d1ca
http://git.kernel.org/stable/c/aca593e6070e21979430c344e9cb0b272a9e7e10
http://git.kernel.org/stable/c/a02d7f5b24193aed451ac67aad3453472e79dc78
http://git.kernel.org/stable/c/2d64e7dada22ab589d1ac216a3661074d027f25e
http://git.kernel.org/stable/c/fe192515d2937b8ed2d21921b558a06dd2031d21
http://git.kernel.org/stable/c/9d4b2e4c36bb88d57018c1cbc8b6a0c4b44a7f42
http://git.kernel.org/stable/c/1a00a393d6a7fb1e745a41edd09019bd6a0ad64c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
