Use of uninitialized resource in Linux kernel net driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-35973 |
| CWE-ID | CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of uninitialized resource
EUVDB-ID: #VU90872
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-35973
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.8.6
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.313
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.156
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.275
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.28
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
