Improper locking in Linux kernel hw qedr driver



Published: 2024-06-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-26743
CWE-ID CWE-667
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU92042

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26743

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a
http://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a
http://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc
http://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298
http://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6
http://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###