Improper locking in Linux kernel

#VU99025 Improper locking in Linux kernel

Cybersecurity Help s.r.o.

Published: 2024-10-22

Vulnerability identifier: #VU99025

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-47735

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hns_roce_lock_cqs() and hns_roce_unlock_cqs() functions in drivers/infiniband/hw/hns/hns_roce_qp.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel:

External links
http://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335
http://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794
http://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3
http://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0
http://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f
http://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e
http://git.kernel.org/stable/c/74d315b5af180220d561684d15897730135733a6

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler 22.03 LTS SP4 update for kernel

openEuler 22.03 LTS SP3 update for kernel

Improper locking in Linux kernel hw hns driver