Input validation error in Linux kernel - CVE-2024-26675
Published: June 3, 2024 / Updated: May 14, 2025
Vulnerability identifier: #VU90858
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26675
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/4fdb14ba89faff6e6969a4dffdc8e54235d6e5ed
- https://git.kernel.org/stable/c/56fae81633ccee307cfcb032f706bf1863a56982
- https://git.kernel.org/stable/c/b06e067e93fa4b98acfd3a9f38a398ab91bbc58b
- https://git.kernel.org/stable/c/58fbe665b097bf7b3144da7e7b91fb27aa8d0ae3
- https://git.kernel.org/stable/c/4e2c4846b2507f6dfc9bea72b7567c2693a82a16
- https://git.kernel.org/stable/c/7e5ef49670766c9742ffcd9cead7cdb018268719
- https://git.kernel.org/stable/c/210d938f963dddc543b07e66a79b7d8d4bd00bd8
- https://git.kernel.org/stable/c/cb88cb53badb8aeb3955ad6ce80b07b598e310b8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.307
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.149
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.269
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8