Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2024-26743 |
CWE-ID | CWE-667 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a
http://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a
http://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc
http://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298
http://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6
http://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.