SB2024082186 - Input validation error in Linux kernel sched
Published: August 21, 2024 Updated: May 12, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2023-52906)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in net/sched/act_mpls.c, involving the valid_label() function and the NLA_POLICY_EXACT_LEN() attribute policy macro.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/2b157c3c5d6b8ddca48d53c9e662032f65af8d61
- https://git.kernel.org/stable/c/453277feb41c2235cf2c0de9209eef962c401457
- https://git.kernel.org/stable/c/9e2c38827cdc6fdd3bb375c8607fc04d289756f9
- https://git.kernel.org/stable/c/8a97b544b98e44f596219ebb290fd2ba2fd5d644
- https://git.kernel.org/stable/c/9e17f99220d111ea031b44153fdfe364b0024ff2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.164
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2