SB20240603150 - Use of uninitialized resource in Linux kernel hsr

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of uninitialized resource (CVE-ID: CVE-2024-26863)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c
• https://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428
• https://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a
• https://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949
• https://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122
• https://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862
• https://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e
• https://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209
• https://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.311
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2