#VU102222 Improper Initialization in Linux kernel - CVE-2024-53180
Published: December 30, 2024 / Updated: May 11, 2025
Vulnerability identifier: #VU102222
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-53180
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the snd_pcm_mmap_data_fault() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0
- https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b
- https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f
- https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911
- https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4
- https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11