Improper error handling in Linux kernel

#VU90939 Improper error handling in Linux kernel

Published: 2024-06-03

Vulnerability identifier: #VU90939

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47361

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mcb_alloc_bus() function in drivers/mcb/mcb-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/8a558261fa57a6deefb0925ab1829f698b194aea
http://git.kernel.org/stable/c/115b07d9f47e3996430b8f2007edd9768e1f807f
http://git.kernel.org/stable/c/66f74ba9be9daf9c47fface6af3677f602774f6b
http://git.kernel.org/stable/c/7751f609eadf36b1f53712bae430019c53a16eb0
http://git.kernel.org/stable/c/91e4ad05bf18322b5921d1a6c9b603f6eb1694f0
http://git.kernel.org/stable/c/9fc198f415dee070a1de957bb5bf5921d8df3499
http://git.kernel.org/stable/c/25a1433216489de4abc889910f744e952cb6dbae

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

openEuler 20.03 LTS SP4 update for kernel

Improper error handling in Linux kernel mcb driver