#VU93859 Resource management error in Linux kernel - CVE-2024-26763

Vulnerability identifier: #VU93859

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26763

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e
https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa
https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90
https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529
https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6
https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75
https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857
https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.