#VU93270 Resource management error in Linux kernel - CVE-2024-35807
Vulnerability identifier: #VU93270
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/75cc31c2e7193b69f5d25650bda5bb42ed92f8a1
https://git.kernel.org/stable/c/ee4e9c1976147a850f6085a13fca95bcaa00d84c
https://git.kernel.org/stable/c/e8e8b197317228b5089ed9e7802dadf3ccaa027a
https://git.kernel.org/stable/c/239c669edb2bffa1aa2612519b1d438ab35d6be6
https://git.kernel.org/stable/c/fb1088d51bbaa0faec5a55d4f5818a9ab79e24df
https://git.kernel.org/stable/c/37b6a3ba793bbbae057f5b991970ebcc52cb3db5
https://git.kernel.org/stable/c/b461910af8ba3bed80f48c2bf852686d05c6fc5c
https://git.kernel.org/stable/c/722d2c01b8b108f8283d1b7222209d5b2a5aa7bd
https://git.kernel.org/stable/c/a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
