#VU92364 Improper locking in Linux kernel - CVE-2024-38591
Vulnerability identifier: #VU92364
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d
https://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0
https://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868
https://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9
https://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c
https://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
