#VU100129 Improper locking in Linux kernel - CVE-2024-50210


Vulnerability identifier: #VU100129

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50210

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/e56e0ec1b79f5a6272c6e78b36e9d593aa0449af
https://git.kernel.org/stable/c/5f063bbf1ee6b01611c016b54e050a41506eb794
https://git.kernel.org/stable/c/1ba33b327c3f88a7baee598979d73ab5b44d41cc
https://git.kernel.org/stable/c/b27330128eca25179637c1816d5a72d6cc408c66
https://git.kernel.org/stable/c/6e62807c7fbb3c758d233018caf94dfea9c65dbd

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell SmartFabric Manager update for third-party components
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel