#VU100132 Reachable assertion in Linux kernel - CVE-2024-50200
Vulnerability identifier: #VU100132
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-617
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the mte_node_or_none(), mas_wr_walk(), mas_wr_walk_index() and mas_wr_spanning_store() functions in lib/maple_tree.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/7c7874977da9e47ca0f53d8b9a5b17385fed83f2
https://git.kernel.org/stable/c/677f1df179cb68c12ddf7707ec325eb50e99c7d9
https://git.kernel.org/stable/c/982dd0d26d1f015ed34866579480d2be5250b0ef
https://git.kernel.org/stable/c/bea07fd63192b61209d48cbb81ef474cc3ee4c62
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
