#VU93181 Resource management error in Linux kernel - CVE-2024-38607
Vulnerability identifier: #VU93181
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the macii_probe() function in drivers/macintosh/via-macii.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/e4ff8bcfb2841fe4e17e5901578b632adb89036d
https://git.kernel.org/stable/c/1e9c3f2caec548cfa7a65416ec4e6006e542f18e
https://git.kernel.org/stable/c/280619bbdeac186fb320fab3d61122d2a085def8
https://git.kernel.org/stable/c/010d4cb19bb13f423e3e746b824f314a9bf3e9a9
https://git.kernel.org/stable/c/787fb79efc15b3b86442ecf079b8148f173376d7
https://git.kernel.org/stable/c/d43a8c7ec0841e0ff91a968770aeca83f0fd4c56
https://git.kernel.org/stable/c/5900a88e897e6deb1bdce09ee34167a81c2da89d
https://git.kernel.org/stable/c/2907d409ce5946390f513976f0454888d37d1058
https://git.kernel.org/stable/c/d301a71c76ee4c384b4e03cdc320a55f5cf1df05
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
