#VU93271 Resource management error in Linux kernel - CVE-2024-35815
Vulnerability identifier: #VU93271
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the aio_setup_ring() and kiocb_set_cancel_fn() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/10ca82aff58434e122c7c757cf0497c335f993f3
https://git.kernel.org/stable/c/396dbbc18963648e9d1a4edbb55cfe08fa374d50
https://git.kernel.org/stable/c/94eb0293703ced580f05dfbe5a57da5931e9aee2
https://git.kernel.org/stable/c/a71cba07783abc76b547568b6452cd1dd9981410
https://git.kernel.org/stable/c/18d5fc3c16cc317bd0e5f5dabe0660df415cadb7
https://git.kernel.org/stable/c/c01ed748847fe8b810d86efc229b9e6c7fafa01e
https://git.kernel.org/stable/c/5c43d0041e3a05c6c41c318b759fff16d2384596
https://git.kernel.org/stable/c/961ebd120565cb60cebe21cb634fbc456022db4a
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
