#VU100724 Improper locking in Linux kernel - CVE-2024-53079


Vulnerability identifier: #VU100724

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53079

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the destroy_large_folio() function in mm/page_alloc.c, within the mem_cgroup_move_account(), mem_cgroup_move_charge_pte_range(), uncharge_folio() and mem_cgroup_swapout() functions in mm/memcontrol.c, within the __folio_undo_large_rmappable() and deferred_split_folio() functions in mm/huge_memory.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/fc4951c3e3358dd82ea508e893695b916c813f17
https://git.kernel.org/stable/c/afb1352d06b1b6b2cfd1f901c766a430c87078b3
https://git.kernel.org/stable/c/f8f931bba0f92052cf842b7e30917b1afcc77d5a

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-realtime
Ubuntu update for linux-aws-6.8
Ubuntu update for linux-gcp-6.8
Ubuntu update for linux
Ubuntu update for linux-gcp
Dell VxRail Appliance 8.x update for third-party components
Dell SmartFabric Manager update for third-party components
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Ubuntu update for linux-oem-6.11