#VU93464 Improper locking in Linux kernel - CVE-2024-35822
Vulnerability identifier: #VU93464
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8
https://git.kernel.org/stable/c/68d951880d0c52c7f13dcefb5501b69b8605ce8c
https://git.kernel.org/stable/c/3e944ddc17c042945d983e006df7860687a8849a
https://git.kernel.org/stable/c/df5cbb908f1687e8ab97e222a16b7890d5501acf
https://git.kernel.org/stable/c/f74c5e0b54b02706d9a862ac6cddade30ac86bcf
https://git.kernel.org/stable/c/99731076722eb7ed26b0c87c879da7bb71d24290
https://git.kernel.org/stable/c/36177c2595df12225b95ce74eb1ac77b43d5a58c
https://git.kernel.org/stable/c/30511676eb54d480d014352bf784f02577a10252
https://git.kernel.org/stable/c/2a587a035214fa1b5ef598aea0b81848c5b72e5e
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
