#VU102235 Resource management error in Linux kernel - CVE-2024-53183


Vulnerability identifier: #VU102235

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-53183

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the net_device_release() function in arch/um/drivers/net_kern.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/160cd5f956d191eb97664afd31ca59284c08d876
https://git.kernel.org/stable/c/1635d9a0ff1b8bd7aa4767d4ea7b3de72cd36f28
https://git.kernel.org/stable/c/468c2e5394afc848efb1eae6e1961a3c855cf35e
https://git.kernel.org/stable/c/6be99d4c117b9642a44d9f54f034b67615be2b2b
https://git.kernel.org/stable/c/8d9d174d3f55daaf5e7b48e9d7f53c723adbed86
https://git.kernel.org/stable/c/b174ab33aaafd556a1ead72fa8e35d70b6fb1e39
https://git.kernel.org/stable/c/cdbd5a1dcdc2c27ac076f91b03b9add3fefa1a82
https://git.kernel.org/stable/c/d1db692a9be3b4bd3473b64fcae996afaffe8438
https://git.kernel.org/stable/c/f04cd022ee1fde219e0db1086c27a0a5ba1914db


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

