SB20240603145 - Use of uninitialized resource in Linux kernel net driver
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240603145
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-35973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
- https://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
- https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
- https://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
- https://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
- https://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
- https://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
- https://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.313
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.216
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.156
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.275
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.7