Local denial of service in Linux kernel sr9800 driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26651 |
| CWE-ID | CWE-252 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Install updates from vendor's website.
Vulnerable software versionsLinux kernel: before 6.9 rc1
External linkshttp://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7
http://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a
http://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009
http://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581
http://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384
http://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028
http://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132d3b015f
http://git.kernel.org/stable/c/f546cc19f9b82975238d0ba413adc27714750774
http://git.kernel.org/stable/c/07161b2416f740a2cb87faa5566873f401440a61
http://bugzilla.redhat.com/show_bug.cgi?id=2271873
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
