#VU94269 Improper locking in Linux kernel - CVE-2024-40981


Vulnerability identifier: #VU94269

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40981

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11
https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2
https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030
https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07
https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16
https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8
https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a
https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

