Multiple Linux Kernel Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-35880 CVSS:4.6

The Linux kernel could allow a local authenticated attacker to gain elevated privileges on the system due to an error in the handling of the io_uring buffer list. An attacker could exploit this vulnerability to execute arbitrary code on the system in the context of the kernel.

CVE-2024-41090 CVSS:7.1

The Linux kernel is vulnerable to a denial of service caused by a missing check on the validity of the frame length in the tap_get_user_xdp() path. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-41091 CVSS:7.1

The Linux kernel is vulnerable to a denial of service caused by a missing check on the validity of the frame length in the tun_xdp_one() path. By sending a specially crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition.

Impact

  • Gain Access
  • Denial of Service

Indicators of Compromise

CVE

  • CVE-2024-35880
  • CVE-2024-41090
  • CVE-2024-41091

Affected Vendors

Linux

Affected Products

  • Linux Kernel 4.20
  • Linux Kernel 6.6
  • Linux Kernel 6.7.0
  • Linux Kernel 6.8
  • Linux Kernel 6.7
  • Linux Kernel 6.9

Remediation

Refer to Linux Kernel GIT Repository for patch, upgrade or suggested workaround information.

CVE-2024-35880

CVE-2024-41090

CVE-2024-41091