Use of uninitialized resource in Linux kernel can j1939
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-42076 |
| CWE-ID | CWE-908 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Use of uninitialized resource
EUVDB-ID: #VU95031
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42076
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the MODULE_ALIAS() and j1939_send_one() functions in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.4 - 6.6.36
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/5e4ed38eb17eaca42de57d500cc0f9668d2b6abf
https://git.kernel.org/stable/c/a2a0ebff7fdeb2f66e29335adf64b9e457300dd4
https://git.kernel.org/stable/c/4c5dc3927e17489c1cae6f48c0d5e4acb4cae01f
https://git.kernel.org/stable/c/f97cbce633923588307049c4aef9feb2987e371b
https://git.kernel.org/stable/c/ab2a683938ba4416d389c2f5651cbbb2c41b779f
https://git.kernel.org/stable/c/ba7e5ae8208ac07d8e1eace0951a34c169a2d298
https://git.kernel.org/stable/c/b7cdf1dd5d2a2d8200efd98d1893684db48fe134
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.97
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.37
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
