Improper locking in Linux kernel

#VU91442 Improper locking in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-06-08

Vulnerability identifier: #VU91442

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47494

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cfg80211_mgmt_registrations_update(), cfg80211_mlme_register_mgmt(), cfg80211_mlme_unregister_socket() and cfg80211_rx_mgmt_khz() functions in net/wireless/mlme.c, within the INIT_WORK() and cfg80211_init_wdev() functions in net/wireless/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/4c22227e39c7a0b4dab55617ee8d34d171fab8d4
http://git.kernel.org/stable/c/3c897f39b71fe68f90599f6a45b5f7bf5618420e
http://git.kernel.org/stable/c/09b1d5dc6ce1c9151777f6c4e128a59457704c97

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for the Linux Kernel

Improper locking in Linux kernel net