#VU97184 Improper Initialization in Linux kernel - CVE-2024-45021

Vulnerability identifier: #VU97184

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45021

CWE-ID: CWE-665

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the memcg_write_event_control() function in mm/memcontrol.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions

---

External links
https://git.kernel.org/stable/c/fa5bfdf6cb5846a00e712d630a43e3cf55ccb411
https://git.kernel.org/stable/c/1b37ec85ad95b612307627758c6018cd9d92cca8
https://git.kernel.org/stable/c/ad149f5585345e383baa65f1539d816cd715fd3b
https://git.kernel.org/stable/c/0fbe2a72e853a1052abe9bc2b7df8ddb102da227
https://git.kernel.org/stable/c/43768fa80fd192558737e24ed6548f74554611d7
https://git.kernel.org/stable/c/f1aa7c509aa766080db7ab3aec2e31b1df09e57c
https://git.kernel.org/stable/c/21b578f1d599edb87462f11113c5b0fc7a04ac61
https://git.kernel.org/stable/c/046667c4d3196938e992fba0dfcde570aa85cd0e

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.