#VU91529 Improper locking in Linux kernel - CVE-2024-26812
Published: June 8, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU91529
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26812
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3
- https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e
- https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834
- https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d237432ed034
- https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d
- https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c
- https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899
- https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215