#VU99146 Resource management error in Linux kernel - CVE-2024-49866
Vulnerability identifier: #VU99146
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the osnoise_hotplug_workfn() function in kernel/trace/trace_osnoise.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/322920b53dc11f9c2b33397eb3ae5bc6a175b60d
http://git.kernel.org/stable/c/ce25f33ba89d6eefef64157655d318444580fa14
http://git.kernel.org/stable/c/a6e9849063a6c8f4cb2f652a437e44e3ed24356c
http://git.kernel.org/stable/c/a0d9c0cd5856191e095cf43a2e141b73945b7716
http://git.kernel.org/stable/c/f72b451dc75578f644a3019c1489e9ae2c14e6c4
http://git.kernel.org/stable/c/829e0c9f0855f26b3ae830d17b24aec103f7e915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
