SB2024070706 - Resource management error in Linux kernel misc vmw_vmci driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-35944)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051
• https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b
• https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100
• https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74
• https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75
• https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73
• https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f
• https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.155
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.27
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.6