SB2024061330 - Improper locking in Linux kernel ubifs

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-35821)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e
• https://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310
• https://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f
• https://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3
• https://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3
• https://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f
• https://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e
• https://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566
• https://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.312
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3