Resource management error in Linux kernel irqchip driver



| Updated: 2025-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-26823
CWE-ID CWE-399
Exploitation vector Local
Public exploit N/A
Vulnerable software
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource management error

EUVDB-ID: #VU93201

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26823

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the its_probe_one() and its_of_probe() functions in drivers/irqchip/irq-gic-v3-its.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6 - 6.8 rc5

CPE2.3 External links

https://git.kernel.org/stable/c/91a80fff3eeed928b6fba21271f6a9719b22a5d8
https://git.kernel.org/stable/c/4c60c611441f1f1e5de8e00e98ee5a4970778a00
https://git.kernel.org/stable/c/8b02da04ad978827e5ccd675acf170198f747a7a
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.18
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###