#VU94308 Resource management error in Linux kernel - CVE-2024-40988
Vulnerability identifier: #VU94308
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sumo_construct_vid_mapping_table() function in drivers/gpu/drm/radeon/sumo_dpm.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b
https://git.kernel.org/stable/c/a8c6df9fe5bc390645d1e96eff14ffe414951aad
https://git.kernel.org/stable/c/febe794b83693257f21a23d2e03ea695a62449c8
https://git.kernel.org/stable/c/cf1cc8fcfe517e108794fb711f7faabfca0dc855
https://git.kernel.org/stable/c/f803532bc3825384100dfc58873e035d77248447
https://git.kernel.org/stable/c/9e57611182a817824a17b1c3dd300ee74a174b42
https://git.kernel.org/stable/c/468a50fd46a09bba7ba18a11054ae64b6479ecdc
https://git.kernel.org/stable/c/a498df5421fd737d11bfd152428ba6b1c8538321
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
