#VU89247 Resource management error in Linux kernel - CVE-2024-26606
Vulnerability identifier: #VU89247
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the binder_enqueue_thread_work_ilocked() function in drivers/android/binder.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac
https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61
https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc
https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc
https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769
https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68
https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69
https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
