Improper locking in Linux kernel f2fs
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-27034 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU93785
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27034
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: All versions
External linkshttp://git.kernel.org/stable/c/7d420eaaa18ec8e2bb4eeab8c65c00492ef6f416
http://git.kernel.org/stable/c/542c8b3c774a480bfd0804291a12f6f2391b0cd1
http://git.kernel.org/stable/c/75abfd61392b1db391bde6d738a30d685b843286
http://git.kernel.org/stable/c/2b1b14d9fc94b8feae20808684c8af28ec80f45b
http://git.kernel.org/stable/c/52982edfcefd475cc34af663d5c47c0cddaa5739
http://git.kernel.org/stable/c/fd244524c2cf07b5f4c3fe8abd6a99225c76544b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
