Vulnerability identifier: #VU92043
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c, which a local user can use to cause a denial of service (DoS).
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5
https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4
https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b
https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9
https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3
https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44
https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.