#VU92054 Improper error handling in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92054

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36939

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f
http://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba
http://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021
http://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65
http://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c
http://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3
http://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

