#VU92034 Improper locking in Linux kernel - CVE-2024-26925
Vulnerability identifier: #VU92034
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/61ac7284346c32f9a8c8ceac56102f7914060428
https://git.kernel.org/stable/c/2cee2ff7f8cce12a63a0a23ffe27f08d99541494
https://git.kernel.org/stable/c/eb769ff4e281f751adcaf4f4445cbf30817be139
https://git.kernel.org/stable/c/8d3a58af50e46167b6f1db47adadad03c0045dae
https://git.kernel.org/stable/c/8038ee3c3e5b59bcd78467686db5270c68544e30
https://git.kernel.org/stable/c/a34ba4bdeec0c3b629160497594908dc820110f1
https://git.kernel.org/stable/c/0d459e2ffb541841714839e8228b845458ed3b27
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
