#VU102224 Resource management error in Linux kernel - CVE-2024-56724
Vulnerability identifier: #VU102224
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the bxt_wcove_tmu_irq_handler() and bxt_wcove_tmu_probe() functions in drivers/platform/x86/intel/bxtwc_tmu.c, within the ARRAY_SIZE() and bxtwc_probe() functions in drivers/mfd/intel_soc_pmic_bxtwc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/1b734ad0e33648c3988c6a37c2ac16c2d63eda06
https://git.kernel.org/stable/c/2310f5336f32eac9ada2d59b965d578efe25c4bf
https://git.kernel.org/stable/c/56acf415772ee7e10e448b371f52b249aa2d0f7b
https://git.kernel.org/stable/c/5bc6d0da4a32fe34a9960de577e0b7de3454de0c
https://git.kernel.org/stable/c/9b79d59e6b2b515eb9a22bc469ef7b8f0904fc73
https://git.kernel.org/stable/c/b7c7c400de85d915e0da7c2c363553a801c47349
https://git.kernel.org/stable/c/c472b55cc0bc3df805db6a14f50a084884cf18ee
https://git.kernel.org/stable/c/da498e02c92e6d82df8001438dd583b90c570815
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
