#VU93065 Infinite loop in Linux kernel - CVE-2024-27032

Cybersecurity Help s.r.o.

Published: 2024-06-21

Vulnerability identifier: #VU93065

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27032

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

External links
https://git.kernel.org/stable/c/fe4de493572a4263554903bf9c3afc5c196e15f0
https://git.kernel.org/stable/c/8844b2f8a3f0c428b74672f9726f9950b1a7764c
https://git.kernel.org/stable/c/d034810d02a5af8eb74debe29877dcaf5f00fdd1
https://git.kernel.org/stable/c/f26091a981318b5b7451d61f99bc073a6af8db67
https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP3 update for kernel

Ubuntu update for linux-oracle

Ubuntu update for linux-azure

Ubuntu update for linux-oem-6.8

Ubuntu update for linux

openEuler 22.03 LTS SP1 update for kernel

Infinite loop in Linux kernel f2fs