#VU102176 Improper locking in Linux kernel - CVE-2024-53207
Vulnerability identifier: #VU102176
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mgmt_set_discoverable_complete(), mgmt_set_connectable_complete(), set_ssp_complete(), set_name_complete(), set_default_phy_complete(), start_discovery_complete(), stop_discovery_complete() and read_local_oob_ext_data_complete() functions in net/bluetooth/mgmt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/5703fb1d85f653e35b327b14de4db7da239e4fd9
https://git.kernel.org/stable/c/6a25ce9b4af6dc26ee2b9c32d6bd37620bf9739e
https://git.kernel.org/stable/c/a66dfaf18fd61bb75ef8cee83db46b2aadf153d0
https://git.kernel.org/stable/c/c3f594a3473d6429a0bcf2004cb2885368741b79
https://git.kernel.org/stable/c/cac34e44281f1f1bd842adbbcfe3ef9ff0905111
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
