Severity
Medium
Analysis Summary
CVE-2024-35789 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when moving a station out of a VLAN and deleting the VLAN afterwards. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35888 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by not making sure erspan_base_hdr is present in skb linear part by the ip6erspan_rcv() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35835 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a double free flaw in arfs_create_groups. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35958 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an incorrect descriptor free behavior. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-35789
- CVE-2024-35888
- CVE-2024-35835
- CVE-2024-35958
Affected Vendors
Affected Products
- Linux Kernel 4.19.10
- Linux Kernel 5.6.0
- Linux Kernel 5.4
- Linux Kernel 5.10
- Linux Kernel 5.15
- Linux Kernel 6.1
- Linux Kernel 6.6
- Linux Kernel 6.7.0
- Linux Kernel 4.7.0
- Linux Kernel 6.8
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.