#VU95008 Double free in Linux kernel - CVE-2024-41087
Vulnerability identifier: #VU95008
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ata_host_alloc() function in drivers/ata/libata-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/290073b2b557e4dc21ee74a1e403d9ae79e393a2
https://git.kernel.org/stable/c/56f1c7e290cd6c69c948fcd2e2a49e6a637ec38f
https://git.kernel.org/stable/c/010de9acbea58fbcbda08e3793d6262086a493fe
https://git.kernel.org/stable/c/5dde5f8b790274723640d29a07c5a97d57d62047
https://git.kernel.org/stable/c/702c1edbafb2e6f9d20f6d391273b5be09d366a5
https://git.kernel.org/stable/c/062e256516d7db5e7dcdef117f52025cd5c456e3
https://git.kernel.org/stable/c/8106da4d88bbaed809e023cc8014b766223d6e76
https://git.kernel.org/stable/c/ab9e0c529eb7cafebdd31fe1644524e80a48b05d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
