#VU91450 Improper locking in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91450

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27000

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/2c9b943e9924cf1269e44289bc5e60e51b0f5270
http://git.kernel.org/stable/c/5f40fd6ca2cf0bfbc5a5c9e403dfce8ca899ba37
http://git.kernel.org/stable/c/94b0e65c75f4af888ab2dd6c90f060f762924e86
http://git.kernel.org/stable/c/54c4ec5f8c471b7c1137a1f769648549c423c026
http://git.kernel.org/stable/c/56434e295bd446142025913bfdf1587f5e1970ad
http://git.kernel.org/stable/c/21535ef0ac1945080198fe3e4347ea498205c99a
http://git.kernel.org/stable/c/0dc0637e6b16158af85945425821bfd0151adb37
http://git.kernel.org/stable/c/479244d68f5d94f3903eced52b093c1e01ddb495

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


openEuler 22.03 LTS update for kernel
Improper locking in Linux kernel tty serial driver