#VU92025 Improper locking in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92025

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35821

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e
http://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310
http://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f
http://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3
http://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3
http://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f
http://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e
http://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566
http://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

