#VU99011 Improper locking in Linux kernel - CVE-2024-50006
Vulnerability identifier: #VU99011
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_ind_migrate() function in fs/ext4/migrate.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/53b1999cfd2c7addf2e581a32865fe8835467b44
https://git.kernel.org/stable/c/ef05572da0c0eb89614ed01cc17d3c882bdbd1ff
https://git.kernel.org/stable/c/9fedf51ab8cf7b69bff08f37fe0989fec7f5d870
https://git.kernel.org/stable/c/d43776b907659affef1de888525847d64b244194
https://git.kernel.org/stable/c/6252cb6bde7fc76cb8dcb49d1def7c326b190820
https://git.kernel.org/stable/c/d58a00e981d3118b91d503da263e640b7cde6729
https://git.kernel.org/stable/c/cc749e61c011c255d81b192a822db650c68b313f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
