Use of uninitialized resource in Linux kernel ocfs2



Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-53155
CWE-ID: CWE-908
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Use of an uninitialized resource

EUVDB-ID: #VU101917

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-53155

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ocfs2_file_write_iter() and ocfs2_file_read_iter() functions in fs/ocfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links

http://git.kernel.org/stable/c/366c933c2ab34dd6551acc03b4872726b7605143
http://git.kernel.org/stable/c/66b7ddd1804e2c4216dd7ead8eeb746cdbb3b62f
http://git.kernel.org/stable/c/6c8f8d1e595dabd5389817f6d798cc8bd95c40ab
http://git.kernel.org/stable/c/83f8713a0ef1d55d6a287bcfadcaab8245ac5098
http://git.kernel.org/stable/c/8c966150d5abff58c3c2bdb9a6e63fd773782905
http://git.kernel.org/stable/c/8e0de82ed18ba0e71f817adbd81317fd1032ca5a
http://git.kernel.org/stable/c/adc77b19f62d7e80f98400b2fca9d700d2afdd6f
http://git.kernel.org/stable/c/dc78efe556fed162d48736ef24066f42e463e27c
http://git.kernel.org/stable/c/f4078ef38d3163e6be47403a619558b19c4bfccd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


