#VU99078 Improper error handling in Linux kernel - CVE-2024-47737
Vulnerability identifier: #VU99078
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the idmap_id_to_name() function in fs/nfsd/nfs4idmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134
http://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd
http://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056
http://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da
http://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029
http://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834
http://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
