#VU94987 Improper locking in Linux kernel - CVE-2024-42096
Vulnerability identifier: #VU94987
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the profile_pc() function in arch/x86/kernel/time.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e
https://git.kernel.org/stable/c/27c3be840911b15a3f24ed623f86153c825b6b29
https://git.kernel.org/stable/c/49c09ca35a5f521d7fa18caf62fdf378f15e8aa4
https://git.kernel.org/stable/c/2d07fea561d64357fb7b3f3751e653bf20306d77
https://git.kernel.org/stable/c/161cef818545ecf980f0e2ebaf8ba7326ce53c2b
https://git.kernel.org/stable/c/16222beb9f8e5ceb0beeb5cbe54bef16df501a92
https://git.kernel.org/stable/c/a3b65c8cbc139bfce9541bc81c1bb766e5ba3f68
https://git.kernel.org/stable/c/093d9603b60093a9aaae942db56107f6432a5dca
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
