Input validation error in Linux kernel include asm
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-42126 |
| CWE-ID | CWE-20 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Input validation error
EUVDB-ID: #VU94997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-42126
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the pcpu_cpu_to_node() and setup_per_cpu_areas() functions in arch/powerpc/kernel/setup_64.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.10 - 6.6.38
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/8d3f83dfb23674540c827a8d65fba20aa300b252
https://git.kernel.org/stable/c/0f37946c62c48a907625348cbc720a7a0c547d1e
https://git.kernel.org/stable/c/2c78c9411e685dbc9eac8c2845111b03501975b8
https://git.kernel.org/stable/c/0db880fc865ffb522141ced4bfa66c12ab1fbb70
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.98
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.39
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
