Vulnerability identifier: #VU94118
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can exploit it to cause a denial of service.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/f549f340c91f08b938d60266e792ff7748dae483
http://git.kernel.org/stable/c/65ee90efc928410c6f73b3d2e0afdd762652c09d
http://git.kernel.org/stable/c/b775ced05489f4b77a35fe203e9aeb22f428e38f
http://git.kernel.org/stable/c/0f501dae16b7099e69ee9b0d5c70b8f40fd30e98
http://git.kernel.org/stable/c/cfe3550ea5df292c9e2d608e8c4560032391847e
http://git.kernel.org/stable/c/38cc1605338d99205a263707f4dde76408d3e0e8
http://git.kernel.org/stable/c/8059918a1377f2f1fff06af4f5a4ed3d5acd6bc4
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.