#VU93042 Use of uninitialized resource in Linux kernel - CVE-2024-38381
Vulnerability identifier: #VU93042
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/406cfac9debd4a6d3dc5d9258ee086372a8c08b6
https://git.kernel.org/stable/c/485ded868ed62ceb2acb3a459d7843fd71472619
https://git.kernel.org/stable/c/f80b786ab0550d0020191a59077b2c7e069db2d1
https://git.kernel.org/stable/c/ad4d196d2008c7f413167f0a693feb4f0439d7fe
https://git.kernel.org/stable/c/e8c8e0d0d214c877fbad555df5b3ed558cd9b0c3
https://git.kernel.org/stable/c/e53a7f8afcbd2886f2a94c5d56757328109730ea
https://git.kernel.org/stable/c/017ff397624930fd7ac7f1761f3c9d6a7100f68c
https://git.kernel.org/stable/c/e4a87abf588536d1cdfb128595e6e680af5cf3ed
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
