SB20241022194 - Use of uninitialized resource in Linux kernel net slip driver
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022194
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Use of uninitialized resource (CVE-ID: CVE-2024-50033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the slhc_remember() function in drivers/net/slip/slhc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/36b054324d18e51cf466134e13b6fbe3c91f52af
- https://git.kernel.org/stable/c/5e336384cc9b608e0551f99c3d87316ca3b0e51a
- https://git.kernel.org/stable/c/ff5e0f895315706e4ca5a19df15be6866cee4f5d
- https://git.kernel.org/stable/c/8bb79eb1db85a10865f0d4dd15b013def3f2d246
- https://git.kernel.org/stable/c/29e8d96d44f51cf89a62dd042be35d052833b95c
- https://git.kernel.org/stable/c/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.227
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.168
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.285
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.57