#VU99031 Improper locking in Linux kernel - CVE-2024-47679
Vulnerability identifier: #VU99031
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the spin_lock() function in fs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/47a68c75052a660e4c37de41e321582ec9496195
https://git.kernel.org/stable/c/3721a69403291e2514d13a7c3af50a006ea1153b
https://git.kernel.org/stable/c/540fb13120c9eab3ef203f90c00c8e69f37449d1
https://git.kernel.org/stable/c/0eed942bc65de1f93eca7bda51344290f9c573bb
https://git.kernel.org/stable/c/0f8a5b6d0dafa4f533ac82e98f8b812073a7c9d1
https://git.kernel.org/stable/c/6c857fb12b9137fee574443385d53914356bbe11
https://git.kernel.org/stable/c/88b1afbf0f6b221f6c5bb66cc80cd3b38d696687
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
