Improper locking in Linux kernel tty serial driver



Published: 2024-06-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-27000
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU91450

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27000

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270
http://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37
http://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86
http://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026
http://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad
http://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a
http://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37
http://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


