Vulnerability identifier: #VU95020
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID: CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703
https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e
https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b
https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d
https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231
https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd
https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5
https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.