SB2024070888 - Local denial of service in Linux kernel nl80211
Published: July 8, 2024
Security Bulletin ID
SB2024070888
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2024-27410)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nl80211_set_interface() function in net/wireless/nl80211.c. A local user can manipulate with the interface mesh ID and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/d38d31bbbb9dc0d4d71a45431eafba03d0bc150d
- https://git.kernel.org/stable/c/0cfbb26ee5e7b3d6483a73883f9f6157bca22ec9
- https://git.kernel.org/stable/c/99eb2159680af8786104dac80528acd5acd45980
- https://git.kernel.org/stable/c/063715c33b4c37587aeca2c83cf08ead0c542995
- https://git.kernel.org/stable/c/930e826962d9f01dcd2220176134427358d112f2
- https://git.kernel.org/stable/c/177d574be4b58f832354ab1ef5a297aa0c9aa2df
- https://git.kernel.org/stable/c/a2add961a5ed25cfd6a74f9ffb9e7ab6d6ded838
- https://git.kernel.org/stable/c/f78c1375339a291cba492a70eaf12ec501d28a8e
- https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html