Improper locking in Linux kernel scsi megaraid driver

Published: 2025-01-17

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2024-57807
CWE-ID	CWE-667
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Linux kernel Operating systems & Components / Operating system
Vendor	Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU102938

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57807

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

CPE2.3

cpe:2.3:o:linux_foundation:linux_kernel:*:*:*:*:*:*:*:*

External links

http://git.kernel.org/stable/c/3c654998a3e8167a58b6c6fede545fe400a4b554
http://git.kernel.org/stable/c/466ca39dbf5d0ba71c16b15c27478a9c7d4022a8
http://git.kernel.org/stable/c/50740f4dc78b41dec7c8e39772619d5ba841ddd7
http://git.kernel.org/stable/c/78afb9bfad00c4aa58a424111d7edbcab9452f2b
http://git.kernel.org/stable/c/edadc693bfcc0f1ea08b8fa041c9361fd042410d
http://git.kernel.org/stable/c/f36d024bd15ed356a80dda3ddc46d0a62aa55815
http://git.kernel.org/stable/c/f50783148ec98a1d38b87422e2ceaf2380b7b606

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.