#VU91318 Improper locking in Linux kernel - CVE-2024-26810
Vulnerability identifier: #VU91318
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf
https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7
https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
