SB20241230247 - Improper Initialization in Linux kernel core
Published: December 30, 2024 Updated: May 11, 2025
Security Bulletin ID
SB20241230247
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Initialization (CVE-ID: CVE-2024-53180)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the snd_pcm_mmap_data_fault() function in sound/core/pcm_native.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/0c4c9bf5eab7bee6b606f2abb0993e933b5831a0
- https://git.kernel.org/stable/c/832efbb74b1578e3737d593a204d42af8bd1b81b
- https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f
- https://git.kernel.org/stable/c/bc200027ee92fba84f1826494735ed675f3aa911
- https://git.kernel.org/stable/c/d2913a07d9037fe7aed4b7e680684163eaed6bc4
- https://git.kernel.org/stable/c/f0ce9e24eff1678c16276f9717f26a78202506a2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.11