#VU90779 Improper locking in Linux kernel


Vulnerability identifier: #VU90779

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26916

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the amdgpu_gfx_off_ctrl() function in drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c, within the amdgpu_device_suspend() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/65158edb0a3a8df23197d52cd24287e39eaf95d6
http://git.kernel.org/stable/c/ff70e6ff6fc2413caf33410af7462d1f584d927e
http://git.kernel.org/stable/c/caa2565a2e13899be31f7b1e069e6465d3e2adb0
http://git.kernel.org/stable/c/d855ceb6a5fde668c5431156bc60fae0cc52b764
http://git.kernel.org/stable/c/916361685319098f696b798ef1560f69ed96e934

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for linux-oem-6.5
Ubuntu update for linux-aws-6.5
Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-azure-6.5
Ubuntu update for linux
Ubuntu update for linux-intel-iotg
Ubuntu update for linux-aws
Ubuntu update for linux-hwe-5.15
Ubuntu update for linux
SUSE update for the Linux Kernel