#VU97184 Improper Initialization in Linux kernel


Published: 2024-09-12

Vulnerability identifier: #VU97184

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
http://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
http://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
http://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
http://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
http://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
http://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
http://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Debian update for linux
Improper Initialization in Linux kernel mm