#VU97803 Improper locking in Linux kernel - CVE-2024-46829
Vulnerability identifier: #VU97803
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __rt_mutex_slowlock(), rt_mutex_handle_deadlock() and rt_mutex_slowlock() functions in kernel/locking/rtmutex.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab1441752a38
https://git.kernel.org/stable/c/6a976e9a47e8e5b326de671811561cab12e6fb1f
https://git.kernel.org/stable/c/1401da1486dc1cdbef6025fd74a3977df3a3e5d0
https://git.kernel.org/stable/c/93f44655472d9cd418293d328f9d141ca234ad83
https://git.kernel.org/stable/c/a92d81c9efec9280681c27a2c0a963fd0f1338e0
https://git.kernel.org/stable/c/85f03ca98e07cd0786738b56ae73740bce0ac27f
https://git.kernel.org/stable/c/f13b5afc5c4889569d84c3011ce449f61fccfb28
https://git.kernel.org/stable/c/d33d26036a0274b472299d7dcdaa5fb34329f91b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
