#VU99016 Improper locking in Linux kernel


Vulnerability identifier: #VU99016

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49965

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ocfs2_read_blocks() function in fs/ocfs2/buffer_head_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/3f1ca6ba5452d53c598a45d21267a2c0c221eef3
http://git.kernel.org/stable/c/f55a33fe0fb5274ef185fd61947cf142138958af
http://git.kernel.org/stable/c/81aba693b129e82e11bb54f569504d943d018de9
http://git.kernel.org/stable/c/84543da867c967edffd5065fa910ebf56aaae49d
http://git.kernel.org/stable/c/df4f20fc3673cee11abf2c571987a95733cb638d
http://git.kernel.org/stable/c/39a88623af3f1c686bf6db1e677ed865ffe6fccc
http://git.kernel.org/stable/c/c03a82b4a0c935774afa01fd6d128b444fd930a1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

