#VU93351 Improper Initialization in Linux kernel - CVE-2024-35960

Vulnerability identifier: #VU93351

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/de0139719cdda82806a47580ca0df06fc85e0bd2
https://git.kernel.org/stable/c/1263b0b26077b1183c3c45a0a2479573a351d423
https://git.kernel.org/stable/c/3d90ca9145f6b97b38d0c2b6b30f6ca6af9c1801
https://git.kernel.org/stable/c/7aaee12b804c5e0374e7b132b6ec2158ff33dd64
https://git.kernel.org/stable/c/2e8dc5cffc844dacfa79f056dea88002312f253f
https://git.kernel.org/stable/c/5cf5337ef701830f173b4eec00a4f984adeb57a0
https://git.kernel.org/stable/c/adf67a03af39095f05d82050f15813d6f700159d
https://git.kernel.org/stable/c/7c6782ad4911cbee874e85630226ed389ff2e453
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.