Vulnerability identifier: #VU93859
Vulnerability risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e
http://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa
http://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90
http://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529
http://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6
http://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75
http://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857
http://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
http://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.