#VU100084 Use of uninitialized resource in Linux kernel - CVE-2024-50143
Vulnerability identifier: #VU100084
Vulnerability risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61
http://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7
http://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8
http://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d
http://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
