#VU91318 Improper locking in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91318

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26810

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
http://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
http://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
http://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf
http://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7
http://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
http://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
http://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability