Improper locking in Linux kernel fsl qbman driver



Published: 2024-06-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-35819
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU91448

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35819

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/2b3fede8225133671ce837c0d284804aa3bc7a02
http://git.kernel.org/stable/c/ff50716b7d5b7985979a5b21163cd79fb3d21d59
http://git.kernel.org/stable/c/32edca2f03a6cc42c650ddc3ad83d086e3f365d1
http://git.kernel.org/stable/c/9a3ca8292ce9fdcce122706c28c3f07bc857fe5e
http://git.kernel.org/stable/c/d6b5aac451c9cc12e43ab7308e0e2ddc52c62c14
http://git.kernel.org/stable/c/54d26adf64c04f186098b39dba86b86037084baa
http://git.kernel.org/stable/c/f39d36b7540cf0088ed7ce2de2794f2aa237f6df
http://git.kernel.org/stable/c/cd53a8ae5aacb4ecd25088486dea1cd02e74b506
http://git.kernel.org/stable/c/fbec4e7fed89b579f2483041fabf9650fb0dd6bc


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


