#VU90942 Improper error handling in Linux kernel - CVE-2024-35936


Vulnerability identifier: #VU90942

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/bebd9e0ff90034875c5dfe4bd514fd7055fc7a89
https://git.kernel.org/stable/c/576164bd01bd795f8b09fb194b493103506b33c9
https://git.kernel.org/stable/c/87299cdaae757f3f41212146cfb5b3af416b8385
https://git.kernel.org/stable/c/d1ffa4ae2d591fdd40471074e79954ec45f147f7
https://git.kernel.org/stable/c/36c2a2863bc3896243eb724dc3fd4cf9aea633f2
https://git.kernel.org/stable/c/0d23b34c68c46cd225b55868bc8a269e3134816d
https://git.kernel.org/stable/c/1f9212cdbd005bc55f2b7422e7b560d9c02bd1da
https://git.kernel.org/stable/c/7411055db5ce64f836aaffd422396af0075fdc99


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

