#VU99029 Improper locking in Linux kernel - CVE-2024-49856
Vulnerability identifier: #VU99029
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sgx_alloc_epc_page() function in arch/x86/kernel/cpu/sgx/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/40fb64257dab507d86b5f1f2a62f3669ef0c91a8
https://git.kernel.org/stable/c/20c96d0aaabfe361fc2a11c173968dc67feadbbf
https://git.kernel.org/stable/c/fb2d057539eda67ec7cfc369bf587e6518a9b99d
https://git.kernel.org/stable/c/0f89fb4042c08fd143bfc28af08bf6c8a0197eea
https://git.kernel.org/stable/c/8132510c915815e6b537ab937d94ed66893bc7b8
https://git.kernel.org/stable/c/9c936844010466535bd46ea4ce4656ef17653644
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
