#VU90795 Improper locking in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90795

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26696

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_page_mkwrite() function in fs/nilfs2/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e
http://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46
http://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6
http://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f
http://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32
http://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28
http://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d
http://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS SP1 update for kernel
openEuler 22.03 LTS update for kernel
openEuler 20.03 LTS SP4 update for kernel
openEuler 20.03 LTS SP1 update for kernel
Improper locking in Linux kernel nilfs2