#VU92940 Improper error handling in Linux kernel - CVE-2024-38614

Cybersecurity Help s.r.o.

Published: 2024-06-20

Vulnerability identifier: #VU92940

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38614

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the unhandled_exception() function in arch/openrisc/kernel/traps.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/c0ed9a711e3392d73e857faa031d8d349c0d70db
https://git.kernel.org/stable/c/075c0405b0d7d9fc490609e988a3af0069596538
https://git.kernel.org/stable/c/cea9d0015c140af39477dd5eeb9b20233a45daa9
https://git.kernel.org/stable/c/c88cfb5cea5f8f9868ef02cc9ce9183a26dcf20f

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-lowlatency

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-nvidia-lowlatency

Ubuntu update for linux

openEuler 24.03 LTS update for kernel

Improper error handling in Linux kernel openrisc kernel