#VU99080 Improper error handling in Linux kernel - CVE-2024-47690


Vulnerability identifier: #VU99080

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-47690

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the f2fs_get_parent() and f2fs_lookup() functions in fs/f2fs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/e8d64f598eeb079c42a52deaa3a91312c736a49d
https://git.kernel.org/stable/c/f4746f2d79507f65cfbde11d3c39ee8338aa50af
https://git.kernel.org/stable/c/f9ce2f550d53d044ecfb5ce996406cf42cd6b84d
https://git.kernel.org/stable/c/8be95cd607478d85fa4626e86f811e785905bcbf
https://git.kernel.org/stable/c/bcefd0b0611f35b560d0a7281d87529fbe7a1e32
https://git.kernel.org/stable/c/884ee6dc85b959bc152f15bca80c30f06069e6c4


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability