#VU90770 Improper locking in Linux kernel - CVE-2024-27004

Vulnerability identifier: #VU90770

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27004

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/a29ec0465dce0b871003698698ac6fa92c9a5034
https://git.kernel.org/stable/c/a424e713e0cc33d4b969cfda25b9f46df4d7b5bc
https://git.kernel.org/stable/c/60ff482c4205a5aac3b0595ab794cfd62295dab5
https://git.kernel.org/stable/c/115554862294397590088ba02f11f2aba6d5016c
https://git.kernel.org/stable/c/e581cf5d216289ef292d1a4036d53ce90e122469
https://git.kernel.org/stable/c/253ab38d1ee652a596942156978a233970d185ba
https://git.kernel.org/stable/c/4af115f1a20a3d9093586079206ee37c2ac55123

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.