#VU93474 Resource management error in Linux kernel
Vulnerability identifier: #VU93474
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the stdev_release(), stdev_create(), switchtec_init_pci() and switchtec_pci_remove() functions in drivers/pci/switch/switchtec.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d8c293549946ee5078ed0ab77793cec365559355
http://git.kernel.org/stable/c/4a5d0528cf19dbf060313dffbe047bc11c90c24c
http://git.kernel.org/stable/c/ff1c7e2fb9e9c3f53715fbe04d3ac47b80be7eb8
http://git.kernel.org/stable/c/1d83c85922647758c1f1e4806a4c5c3cf591a20a
http://git.kernel.org/stable/c/0233b836312e39a3c763fb53512b3fa455b473b3
http://git.kernel.org/stable/c/e129c7fa7070fbce57feb0bfc5eaa65eef44b693
http://git.kernel.org/stable/c/df25461119d987b8c81d232cfe4411e91dcabe66
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
