#VU92043 Improper locking in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92043

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26687

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5
http://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4
http://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b
http://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9
http://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3
http://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44
http://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

