#VU96882 Resource management error in Linux kernel - CVE-2024-44968

Vulnerability identifier: #VU96882

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-44968

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tick_broadcast_switch_to_oneshot() and hotplug_cpu__broadcast_tick_pull() functions in kernel/time/tick-broadcast.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0
https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec18c01d6
https://git.kernel.org/stable/c/668c6c4a7e9e9f081c06b70f30104fb7013437ed
https://git.kernel.org/stable/c/541a900d245536d4809cb1aa322c3fcc2cdb58a6
https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d
https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a
https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9
https://git.kernel.org/stable/c/6881e75237a84093d0986f56223db3724619f26e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.