#VU92366 Improper locking in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92366

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can trigger the flaw to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830
http://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b
http://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb
http://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd
http://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0
http://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a
http://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b
http://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f
http://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

