Reachable Assertion in Linux kernel mm



Published: 2024-06-03
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-36000
CWE-ID CWE-617
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Reachable Assertion

EUVDB-ID: #VU90907

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36000

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the alloc_huge_page() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/4c806333efea1000a2a9620926f560ad2e1ca7cc
http://git.kernel.org/stable/c/f6c5d21db16a0910152ec8aa9d5a7aed72694505
http://git.kernel.org/stable/c/538faabf31e9c53d8c870d114846fda958a0de10
http://git.kernel.org/stable/c/b76b46902c2d0395488c8412e1116c2486cdfcb2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###