#VU92359 Improper locking in Linux kernel - CVE-2024-38613
Vulnerability identifier: #VU92359
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/2a8d1d95302c7d52c6ac8fa5cb4a6948ae0d3a14
https://git.kernel.org/stable/c/5213cc01d0464c011fdc09f318705603ed3a746b
https://git.kernel.org/stable/c/4eeffecc8e3cce25bb559502c2fd94a948bcde82
https://git.kernel.org/stable/c/77b2b67a0f8bce260c53907e5749d61466d90c87
https://git.kernel.org/stable/c/0d9ae1253535f6e85a016e09c25ecbe6f7f59ef0
https://git.kernel.org/stable/c/f3baf0f4f92af32943ebf27b960e0552c6c082fd
https://git.kernel.org/stable/c/f1d4274a84c069be0f6098ab10c3443fc1f7134c
https://git.kernel.org/stable/c/95f00caf767b5968c2c51083957b38be4748a78a
https://git.kernel.org/stable/c/da89ce46f02470ef08f0f580755d14d547da59ed
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
