SB20240603152 - Use of uninitialized resource in Linux kernel netlink
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240603152
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-26805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65
- https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777
- https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77
- https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285
- https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44
- https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736
- https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d
- https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.309
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.212
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.151
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.271
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8