#VU94299 Resource management error in Linux kernel - CVE-2024-40978


Vulnerability identifier: #VU94299

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-40978

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the qedi_dbg_do_not_recover_cmd_read() function in drivers/scsi/qedi/qedi_debugfs.c, the read handler for the qedi driver's do_not_recover debugfs attribute. A local user who can read that attribute can trigger a denial of service (DoS) condition in the kernel. The read path is only reachable when the qedi driver is loaded and the user has read access to debugfs, which is mounted root-only by default.

Mitigation
Install the update from the vendor's website, i.e. a kernel build that includes one of the fix commits listed under External links.
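Until the update is applied, whether a given host is actually exposed depends on two conditions the advisory implies but does not spell out: the qedi driver (QLogic's FastLinQ iSCSI offload driver) must be loaded, and the local user must be able to read the debugfs attribute served by the affected function. The POSIX shell script below is an added example, not code from the advisory or from the Linux kernel project. It assumes that qedi appears under its own name in /proc/modules and that the attribute lives at /sys/kernel/debug/qedi/host<N>/do_not_recover; both are assumptions, not statements from the advisory. The parsing is done on text passed as arguments so the logic can be exercised on constructed samples without the hardware.

```shell
#!/bin/sh
# Exposure check for CVE-2024-40978. Added example, not code from the advisory
# or from the kernel project. Facts used: the affected function serves a qedi
# debugfs attribute, so a local reader of that attribute is the only trigger.
# Assumptions: qedi is listed under its own name in /proc/modules, and the
# attribute path is /sys/kernel/debug/qedi/host<N>/do_not_recover.

# Print the mount options of the debugfs mount found in /proc/mounts-style
# text ($1), or "none" when debugfs is not mounted at all.
debugfs_mount_opts() {
    printf '%s\n' "$1" | awk '
        $3 == "debugfs" { print $4; found = 1; exit }
        END { if (!found) print "none" }'
}

# Print "loaded" or "absent" depending on whether qedi appears in
# /proc/modules-style text ($1); column 1 of /proc/modules is the module name.
qedi_state() {
    printf '%s\n' "$1" | awk '
        $1 == "qedi" { print "loaded"; found = 1; exit }
        END { if (!found) print "absent" }'
}

# Combine both inputs into one verdict. The vulnerable read handler is only
# reachable when the driver is loaded AND debugfs is mounted; otherwise the
# attribute does not exist for anyone to read.
exposure_verdict() {
    opts=$(debugfs_mount_opts "$1")
    mod=$(qedi_state "$2")
    if [ "$mod" = "absent" ]; then
        echo "not-exposed:qedi-not-loaded"
    elif [ "$opts" = "none" ]; then
        echo "not-exposed:debugfs-not-mounted"
    else
        echo "exposed:debugfs-opts=$opts"
    fi
}

# Live check against the running host (run as root). Also lists any
# do_not_recover files so an admin can confirm who may read them: debugfs is
# root-only by default, but a relaxed mount mode or an ACL widens the set of
# local users who can reach the affected read handler.
live_check() {
    exposure_verdict "$(cat /proc/mounts)" "$(cat /proc/modules)"
    # assumed path; adjust if the driver lays out debugfs differently
    find /sys/kernel/debug/qedi -name do_not_recover -exec ls -l {} \; 2>/dev/null
}

# Constructed sample inputs (not captured from a real host) so the logic can
# be exercised on any machine.
SAMPLE_MOUNTS='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0'
SAMPLE_MODULES='qedi 212992 0 - Live 0x0000000000000000
qed 1220608 1 qedi, Live 0x0000000000000000'

demo() {
    exposure_verdict "$SAMPLE_MOUNTS" "$SAMPLE_MODULES"
    exposure_verdict "$SAMPLE_MOUNTS" "xfs 1000 0 - Live 0x0"
}
demo
```

On a real host, replace the `demo` call with `live_check`. A verdict of `exposed:` does not by itself mean unprivileged users can trigger the bug: the CVSS vector already assumes low-privilege local access, and with the default debugfs mount only root can open the attribute, so the interesting finding is a debugfs mount whose mode or ACLs have been relaxed on a host where qedi is loaded.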

Vulnerable software versions

Linux kernel: all versions that do not include one of the fix commits listed under External links (the fix was applied to several stable branches, as the separate stable commits show)


External links
https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0
https://git.kernel.org/stable/c/21c963de2e86e88f6a8ca556bcebb8e62ab8e901
https://git.kernel.org/stable/c/144d76a676b630e321556965011b00e2de0b40a7
https://git.kernel.org/stable/c/397a8990c377ee4b61d6df768e61dff9e316d46b
https://git.kernel.org/stable/c/eaddb86637669f6bad89245ee63f8fb2bfb50241
https://git.kernel.org/stable/c/fa85b016a56b9775a3fe41e5d26e666945963b46
https://git.kernel.org/stable/c/e2f433ea7d0ff77998766a088a287337fb43ad75
https://git.kernel.org/stable/c/28027ec8e32ecbadcd67623edb290dad61e735b5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally: the attacker must have valid credentials and successfully authenticate on the system, and must be able to read the qedi debugfs attribute.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
