#VU100184 Improper locking in Linux kernel - CVE-2024-50234

Vulnerability identifier: #VU100184

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50234

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the il_pci_resume() function in drivers/net/wireless/intel/iwlegacy/common.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/271d282ecc15d7012e71ca82c89a6c0e13a063dd
https://git.kernel.org/stable/c/9d89941e51259c2b0b8e9c10c6f1f74200d7444f
https://git.kernel.org/stable/c/d0231f43df473e2f80372d0ca150eb3619932ef9
https://git.kernel.org/stable/c/8ac22fe1e2b104c37e4fecd97735f64bd6349ebc
https://git.kernel.org/stable/c/23f9cef17ee315777dbe88d5c11ff6166e4d0699
https://git.kernel.org/stable/c/cedf0f1db8d5f3524339c2c6e35a8505b0f1ab73
https://git.kernel.org/stable/c/8af8294d369a871cdbcdbb4d13b87d2d6e490a1f
https://git.kernel.org/stable/c/07c90acb071b9954e1fecb1e4f4f13d12c544b34

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.