#VU99080 Improper error handling in Linux kernel - CVE-2024-47690
Vulnerability identifier: #VU99080
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d
https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af
https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d
https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf
https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32
https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
