#VU93034 Improper locking in Linux kernel


Published: 2024-06-21

Vulnerability identifier: #VU93034

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a
http://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed
http://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8
http://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878
http://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a
http://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef
http://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e
http://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability