#VU93281 Resource management error in Linux kernel - CVE-2024-36004
Vulnerability identifier: #VU93281
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the i40e_init_module() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/09b54d29f05129b092f7c793a70b689ffb3c7b2c
https://git.kernel.org/stable/c/546d0fe9d76e8229a67369f9cb61e961d99038bd
https://git.kernel.org/stable/c/fbbb2404340dd6178e281bd427c271f7d5ec1d22
https://git.kernel.org/stable/c/ff7431f898dd00892a545b7d0ce7adf5b926944f
https://git.kernel.org/stable/c/152ed360cf2d273f88fc99a518b7eb868aae2939
https://git.kernel.org/stable/c/8d6105f637883c8c09825e962308c06e977de4f0
https://git.kernel.org/stable/c/1594dac8b1ed78f9e75c263327e198a2e5e25b0e
https://git.kernel.org/stable/c/2cc7d150550cc981aceedf008f5459193282425c
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
