Denial of service in Linux kernel syscall handling



Published: 2024-03-07
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-25744
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU87191

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25744

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to missing access restrictions related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c. An untrusted VMM can trigger int80 syscall handling at any given point and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Linux kernel: before 6.6.7

External links

http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30
http://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###