Vulnerability identifier: #VU96885

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-44969

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the sclp_sd_store_data() function in drivers/s390/char/sclp_sd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

---

External links
http://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe
http://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05
http://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148
http://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463
http://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79
http://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633
http://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506
http://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a5643e35

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.