April 24, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Fortinet Products Vulnerabilities
July 11, 2024Japanese Organizations Targeted by North Korean Kimsuky APT
July 11, 2024Multiple Fortinet Products Vulnerabilities
July 11, 2024Japanese Organizations Targeted by North Korean Kimsuky APT
July 11, 2024
Severity
Medium
Analysis Summary
CVE-2024-35789 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when moving a station out of a VLAN and deleting the VLAN afterwards. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35888 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by not making sure erspan_base_hdr is present in skb linear part by the ip6erspan_rcv() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35835 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by a double free flaw in arfs_create_groups. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-35958 CVSS:5.5
Linux Kernel is vulnerable to a denial of service, caused by an incorrect descriptor free behavior. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2024-35789
- CVE-2024-35888
- CVE-2024-35835
- CVE-2024-35958
Affected Vendors
Linux
Affected Products
- Linux Kernel 4.19.10
- Linux Kernel 5.6.0
- Linux Kernel 5.4
- Linux Kernel 5.10
- Linux Kernel 5.15
- Linux Kernel 6.1
- Linux Kernel 6.6
- Linux Kernel 6.7.0
- Linux Kernel 4.7.0
- Linux Kernel 6.8
Remediation
Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.
