#VU93756 Incorrect calculation in Linux kernel


Published: 2024-07-04

Vulnerability identifier: #VU93756

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35844

CWE-ID: CWE-682

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/fa3ac8b1a227d9b470b87972494293348b5839ee
http://git.kernel.org/stable/c/889846dfc8ee2cf31148a44bfd2faeb2faadc685
http://git.kernel.org/stable/c/f0bf89e84c3afb79d7a3a9e4bc853ad6a3245c0a
http://git.kernel.org/stable/c/569c198c9e2093fd29cc071856a4e548fda506bc
http://git.kernel.org/stable/c/fc0aed88afbf6f606205129a7466eebdf528e3f3
http://git.kernel.org/stable/c/2f6d721e14b69d6e1251f69fa238b48e8374e25f
http://www.openwall.com/lists/oss-security/2024/05/30/2
http://www.openwall.com/lists/oss-security/2024/05/30/1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

