SB20240603135 - Use of uninitialized resource in Linux kernel nsh
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240603135
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-36933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9
- https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c
- https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216
- https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a
- https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2
- https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340
- https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a
- https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.314
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.217
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.159
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.276
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.10