#VU108057 Input validation error in Linux kernel - CVE-2024-58099

Cybersecurity Help s.r.o.

Published: 2025-04-29 | Updated: 2025-05-10

Vulnerability identifier: #VU108057

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58099

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the vmxnet3_xdp_xmit_frame() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.11, 6.11.1, 6.11.2, 6.11.3, 6.11.4, 6.11.5

External links
https://git.kernel.org/stable/c/4678adf94da4a9e9683817b246b58ce15fb81782
https://git.kernel.org/stable/c/59ba6cdadb9c26b606a365eb9c9b25eb2052622d
https://git.kernel.org/stable/c/f82eb34fb59a8fb96c19f4f492c20eb774140bb5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 24.03 LTS update for kernel

Input validation error in Linux kernel net vmxnet3 driver