#VU99121 Infinite loop in Linux kernel - CVE-2024-50024
Vulnerability identifier: #VU99121
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the __netlink_clear_multicast_users() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/68ad5da6ca630a276f0a5c924179e57724d00013
http://git.kernel.org/stable/c/1cdec792b2450105b1314c5123a9a0452cb2c2f0
http://git.kernel.org/stable/c/5f03a7f601f33cda1f710611625235dc86fd8a9e
http://git.kernel.org/stable/c/3be342e0332a7c83eb26fbb22bf156fdca467a5d
http://git.kernel.org/stable/c/49f9b726bf2bf3dd2caf0d27cadf4bc1ccf7a7dd
http://git.kernel.org/stable/c/1dae9f1187189bc09ff6d25ca97ead711f7e26f9
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
