#VU94278 Improper locking in Linux kernel - CVE-2024-40943


Vulnerability identifier: #VU94278

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40943

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ocfs2_change_file_space() function in fs/ocfs2/file.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/3c26b5d21b1239e9c7fd31ba7d9b2d7bdbaa68d9
https://git.kernel.org/stable/c/e8e2db1adac47970a6a9225f3858e9aa0e86287f
https://git.kernel.org/stable/c/050ce8af6838c71e872e982b50d3f1bec21da40e
https://git.kernel.org/stable/c/38825ff9da91d2854dcf6d9ac320a7e641e10f25
https://git.kernel.org/stable/c/ea042dc2bea19d72e37c298bf65a9c341ef3fff3
https://git.kernel.org/stable/c/3c361f313d696df72f9bccf058510e9ec737b9b1
https://git.kernel.org/stable/c/117b9c009b72a6c2ebfd23484354dfee2d9570d2
https://git.kernel.org/stable/c/952b023f06a24b2ad6ba67304c4c84d45bea2f18


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

