#VU94992 Improper locking in Linux kernel - CVE-2024-41063
Vulnerability identifier: #VU94992
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_unregister_dev() function in net/bluetooth/hci_core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9
https://git.kernel.org/stable/c/9cfc84b1d464cc024286f42a090718f9067b80ed
https://git.kernel.org/stable/c/ddeda6ca5f218b668b560d90fc31ae469adbfd92
https://git.kernel.org/stable/c/d2ce562a5aff1dcd0c50d9808ea825ef90da909f
https://git.kernel.org/stable/c/96600c2e5ee8213dbab5df1617293d8e847bb4fa
https://git.kernel.org/stable/c/d6cbce18370641a21dd889e8613d8153df15eb39
https://git.kernel.org/stable/c/3f939bd73fed12dddc2a32a76116c19ca47c7678
https://git.kernel.org/stable/c/0d151a103775dd9645c78c97f77d6e2a5298d913
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
