#VU93388 Improper locking in Linux kernel - CVE-2024-26845
Vulnerability identifier: #VU93388
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/425a571a7e6fc389954cf2564e1edbba3740e171
https://git.kernel.org/stable/c/11f3fe5001ed05721e641f0ecaa7a73b7deb245d
https://git.kernel.org/stable/c/168ed59170de1fd7274080fe102216162d6826cf
https://git.kernel.org/stable/c/a9849b67b4402a12eb35eadc9306c1ef9847d53d
https://git.kernel.org/stable/c/e717bd412001495f17400bfc09f606f1b594ef5a
https://git.kernel.org/stable/c/36bc5040c863b44af06094b22f1e50059227b9cb
https://git.kernel.org/stable/c/bd508f96b5fef96d8a0ce9cbb211d82bcfc2341f
https://git.kernel.org/stable/c/83ab68168a3d990d5ff39ab030ad5754cbbccb25
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
