#VU100150 Resource management error in Linux kernel - CVE-2024-50195
Vulnerability identifier: #VU100150
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pc_clock_settime() function in kernel/time/posix-clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073
https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01
https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe
https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2
https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264
https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
