#VU93856 Use of obsolete function in Linux kernel
Vulnerability identifier: #VU93856
Vulnerability risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-477
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to have negative impact on system performance.
The vulnerability exists due to usage of dead code related to SCM_RIGHTS within the io_allocate_scq_urings(), io_ring_ctx_free(), and io_cqring_wait() function in fs/io_uring.c. A local user can influence system performance.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3
http://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02
http://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4
http://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b
http://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89
http://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
