SB20240731107 - Use of uninitialized resource in Linux kernel ipv4
Published: July 31, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-42106)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of an uninitialized resource within the inet_diag_dump_compat() and inet_diag_get_exact_compat() functions in net/ipv4/inet_diag.c.
Remediation
Install the update from the vendor's website.
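To triage hosts before patching, the following added example (not part of the original bulletin) compares a `uname -r` string against the stable releases whose ChangeLogs are linked under References. It assumes each linked ChangeLog marks the first release in its series that carries the fix; the function names and status labels are illustrative.

```python
import platform
import re

# First fixed release per stable series, read off the ChangeLog links under
# References (assumption: each linked ChangeLog is the release with the fix).
FIXED_PATCH = {(4, 19): 318, (5, 4): 280, (5, 10): 222,
               (5, 15): 163, (6, 1): 98, (6, 6): 39}
MAINLINE_FIX = (6, 10)  # ChangeLog-6.10


def parse_release(release):
    """Return (major, minor, patch) from a `uname -r` style string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def cve_2024_42106_status(release):
    """Classify a kernel release as 'fixed', 'below-fix' or 'unlisted'."""
    major, minor, patch = parse_release(release)
    series = (major, minor)
    if series > MAINLINE_FIX:
        return "fixed"
    if series == MAINLINE_FIX:
        # Release candidates of 6.10 may predate the fix.
        return "unlisted" if "-rc" in release else "fixed"
    if series in FIXED_PATCH:
        return "fixed" if patch >= FIXED_PATCH[series] else "below-fix"
    # Series with no ChangeLog on this page: nothing to compare against.
    return "unlisted"


if __name__ == "__main__":
    rel = platform.release()
    print(f"{rel}: {cve_2024_42106_status(rel)}")
```

A "below-fix" or "unlisted" result on a distribution kernel is not conclusive, because vendors backport fixes without adopting the upstream version number; confirm against the vendor's own advisory for CVE-2024-42106.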
References
- https://git.kernel.org/stable/c/7094a5fd20ab66028f1da7f06e0f2692d70346f9
- https://git.kernel.org/stable/c/0184bf0a349f4cf9e663abbe862ff280e8e4dfa2
- https://git.kernel.org/stable/c/7ef519c8efde152e0d632337f2994f6921e0b7e4
- https://git.kernel.org/stable/c/8366720519ea8d322a20780debdfd23d9fc0904a
- https://git.kernel.org/stable/c/d6f487e0704de2f2d15f8dd5d7d723210f2b2fdb
- https://git.kernel.org/stable/c/76965648fe6858db7c5f3c700fef7aa5f124ca1c
- https://git.kernel.org/stable/c/f9b2010e8af49fac9d9562146fb81744d8a9b051
- https://git.kernel.org/stable/c/61cf1c739f08190a4cbf047b9fbb192a94d87e3f
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39