#VU100182 Improper locking in Linux kernel - CVE-2024-50228

Vulnerability identifier: #VU100182

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50228

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shmem_getattr() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/9fb9703cd43ee20a6de8ccdef991677b7274cec0
https://git.kernel.org/stable/c/7cc30ada84323be19395094d567579536e0d187e
https://git.kernel.org/stable/c/bda1a99a0dd644f31a87d636ac624eeb975cb65a
https://git.kernel.org/stable/c/3d9528484480e8f4979b3a347930ed383be99f89
https://git.kernel.org/stable/c/82cae1e30bd940253593c2d4f16d88343d1358f4
https://git.kernel.org/stable/c/edd1f905050686fdc4cfe233d818469fdf7d5ff8
https://git.kernel.org/stable/c/ffd56612566bc23877c8f45def2801f3324a222a
https://git.kernel.org/stable/c/d949d1d14fa281ace388b1de978e8f2cd52875cf

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.