#VU102938 Improper locking in Linux kernel - CVE-2024-57807
Vulnerability identifier: #VU102938
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3c654998a3e8167a58b6c6fede545fe400a4b554
https://git.kernel.org/stable/c/466ca39dbf5d0ba71c16b15c27478a9c7d4022a8
https://git.kernel.org/stable/c/50740f4dc78b41dec7c8e39772619d5ba841ddd7
https://git.kernel.org/stable/c/78afb9bfad00c4aa58a424111d7edbcab9452f2b
https://git.kernel.org/stable/c/edadc693bfcc0f1ea08b8fa041c9361fd042410d
https://git.kernel.org/stable/c/f36d024bd15ed356a80dda3ddc46d0a62aa55815
https://git.kernel.org/stable/c/f50783148ec98a1d38b87422e2ceaf2380b7b606
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
