#VU99125 Race condition in Linux kernel - CVE-2024-50059
Vulnerability identifier: #VU99125
Vulnerability risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the switchtec_ntb_remove() function in drivers/ntb/hw/mscc/ntb_hw_switchtec.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/b650189687822b705711f0567a65a164a314d8df
http://git.kernel.org/stable/c/92728fceefdaa2a0a3aae675f86193b006eeaa43
http://git.kernel.org/stable/c/3ae45be8492460a35b5aebf6acac1f1d32708946
http://git.kernel.org/stable/c/fa840ba4bd9f3bad7f104e5b32028ee73af8b3dd
http://git.kernel.org/stable/c/177925d9c8715a897bb79eca62628862213ba956
http://git.kernel.org/stable/c/e51aded92d42784313ba16c12f4f88cc4f973bbb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
