Denial of service in Linux kernel binder



Published: 2024-05-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-26606
CWE-ID: CWE-399
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU89247

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26606

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac
http://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61
http://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc
http://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc
http://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769
http://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68
http://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69
http://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


