Improper locking in Linux kernel

#VU92042 Improper locking in Linux kernel

Published: 2024-06-13

Vulnerability identifier: #VU92042

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26743

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a
http://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a
http://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc
http://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298
http://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6
http://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for kernel-rt

Improper locking in Linux kernel hw qedr driver