Vulnerability identifier: #VU100730
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the nfs_fattr_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/25ffd294fef81a7f3cd9528adf21560c04d98747
http://git.kernel.org/stable/c/bbfcd261cc068fe1cd02a4e871275074a0daa4e2
http://git.kernel.org/stable/c/8fc5ea9231af9122d227c9c13f5e578fca48d2e3
http://git.kernel.org/stable/c/9b453e8b108a5a93a6e348cf2ba4c9c138314a00
http://git.kernel.org/stable/c/f6b2b2b981af8e7d7c62d34143acefa4e1edfe8b
http://git.kernel.org/stable/c/f749cb60a01f8391c760a1d6ecd938cadacf9549
http://git.kernel.org/stable/c/9be0a21ae52b3b822d0eec4d14e909ab394f8a92
http://git.kernel.org/stable/c/dc270d7159699ad6d11decadfce9633f0f71c1db
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.