Resource management error in Linux kernel

#VU91608 Resource management error in Linux kernel

Published: 2024-06-10

Vulnerability identifier: #VU91608

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27389

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e
http://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3
http://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a
http://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6
http://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS update for kernel

Denial of service in Linux kernel pstore