#VU97805 Improper locking in Linux kernel - CVE-2024-46832


Vulnerability identifier: #VU97805

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-46832

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the r4k_clockevent_init() function in arch/mips/kernel/cevt-r4k.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db
https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522
https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98
https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30
https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52
https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

