#VU99076 Improper error handling in Linux kernel - CVE-2024-49882


Vulnerability identifier: #VU99076

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49882

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_ext_try_to_merge_up() function in fs/ext4/extents.c.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/b6c29c8f3d7cb67b505f3b2f6c242d52298d1f2e
https://git.kernel.org/stable/c/32bbb59e3f18facd7201bef110010bf35819b8c3
https://git.kernel.org/stable/c/78bbc3d15b6f443acb26e94418c445bac940d414
https://git.kernel.org/stable/c/68a69cf60660c73990c1875f94a5551600b04775
https://git.kernel.org/stable/c/7633407ca4ab8be2916ab214eb44ccebc6a50e1a
https://git.kernel.org/stable/c/230ee0535d01478bad9a3037292043f39b9be10b
https://git.kernel.org/stable/c/dcaa6c31134c0f515600111c38ed7750003e1b9c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

