#VU99017 Improper locking in Linux kernel


Vulnerability identifier: #VU99017

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-49959

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __releases() function in fs/jbd2/checkpoint.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed
http://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a
http://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019
http://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5
http://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138
http://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913
http://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

