#VU102154 Improper locking in Linux kernel - CVE-2024-56739


| Updated: 2025-05-11

Vulnerability identifier: #VU102154

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56739

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the rtc_timer_do_work() function in drivers/rtc/interface.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26, 6.1.27, 6.1.28, 6.1.29, 6.1.30, 6.1.31, 6.1.32, 6.1.33, 6.1.34, 6.1.35, 6.1.36, 6.1.37, 6.1.38, 6.1.39, 6.1.40, 6.1.41, 6.1.42, 6.1.43, 6.1.44, 6.1.45, 6.1.46, 6.1.47, 6.1.48, 6.1.49, 6.1.50, 6.1.51, 6.1.52, 6.1.53, 6.1.54, 6.1.55, 6.1.56, 6.1.57, 6.1.58, 6.1.59, 6.1.60, 6.1.61, 6.1.62, 6.1.63, 6.1.64, 6.1.65, 6.1.66, 6.1.67, 6.1.68, 6.1.69, 6.1.70, 6.1.71, 6.1.72, 6.1.73, 6.1.74, 6.1.75, 6.1.76, 6.1.77, 6.1.78, 6.1.79, 6.1.80, 6.1.81, 6.1.82, 6.1.83, 6.1.84, 6.1.85, 6.1.86, 6.1.87, 6.1.88, 6.1.89, 6.1.90, 6.1.91, 6.1.92, 6.1.93, 6.1.94, 6.1.95, 6.1.96, 6.1.97, 6.1.98, 6.1.99, 6.1.100, 6.1.101, 6.1.102, 6.1.103, 6.1.104, 6.1.105, 6.1.106, 6.1.107, 6.1.108, 6.1.109, 6.1.110, 6.1.111, 6.1.112, 6.1.113, 6.1.114, 6.1.115, 6.1.116, 6.1.117, 6.1.118, 6.1.119

External links
https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe
https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1
https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f
https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2
https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b22c75bd1
https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4
https://git.kernel.org/stable/c/e77bce0a8c3989b4173c36f4195122bca8f4a3e1
https://git.kernel.org/stable/c/e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d
https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell SmartFabric Manager update for third-party components
Ubuntu update for linux-raspi-5.4
Ubuntu update for linux-raspi
Anolis OS update for kernel:5.10
Multiple vulnerabilities in Dell Secure Connect Gateway
Ubuntu update for linux-gcp-5.15
Ubuntu update for linux-azure-nvidia
Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components
Ubuntu update for linux-ibm-5.15
Ubuntu update for linux-ibm-5.4