Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-27389 |
CWE-ID | CWE-399 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU91608
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e
http://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3
http://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a
http://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6
http://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.