#VU102958 Improper error handling in Linux kernel - CVE-2024-57838


Vulnerability identifier: #VU102958

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-57838

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the arch_init_kprobes() function in arch/s390/kernel/kprobes.c, within the SYM_CODE_START() function in arch/s390/kernel/entry.S. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/1af22528fee8072b7adc007b8ca49cc4ea62689e
https://git.kernel.org/stable/c/45c9f2b856a075a34873d00788d2e8a250c1effd
https://git.kernel.org/stable/c/473ffae3030188f1c6b80e1b3631a26b4adf7b32
https://git.kernel.org/stable/c/5bb7a2c3afcf8732dc65ea49c09147b07da1d993
https://git.kernel.org/stable/c/ca687fdce5b95f84d91d6e36ac77047771eb3dfc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-hwe-5.15
Ubuntu update for linux-raspi
openEuler 24.03 LTS update for kernel
Ubuntu update for linux-nvidia-tegra
Ubuntu update for linux-xilinx-zynqmp
Ubuntu update for linux-intel-iot-realtime
Ubuntu update for linux-aws-fips
Ubuntu update for linux
Ubuntu update for linux-aws-5.15
Ubuntu update for linux