Vulnerability identifier: #VU102168
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cq_thread_v3_hw() function in drivers/scsi/hisi_sas/hisi_sas_v3_hw.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: 6.12, 6.12.1, 6.12.2, 6.12.3, 6.12.4
External links
https://git.kernel.org/stable/c/2174bbc235f79fce88ea71fd08cf836568fcad5f
https://git.kernel.org/stable/c/2233c4a0b948211743659b24c13d6bd059fa75fc
https://git.kernel.org/stable/c/2991a023896b79e6753813ed88fbc98979713c73
https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf
https://git.kernel.org/stable/c/50ddf4b0e1a4cb5e9ca0aac3d0a73202b903c87f
https://git.kernel.org/stable/c/601f8001373fc3fbad498f9be427254908b7fcce
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.5
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.