#VU99147 Resource management error in Linux kernel - CVE-2024-49926

Cybersecurity Help s.r.o.

Published: 2024-10-22 | Updated: 2025-05-12

Vulnerability identifier: #VU99147

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49926

CWE-ID: CWE-399

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kernel/rcu/tasks.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1, 6.1 rc1, 6.1 rc3, 6.1 rc7, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.1.9, 6.1.10, 6.1.11, 6.1.12, 6.1.13, 6.1.14, 6.1.15, 6.1.16, 6.1.17, 6.1.18, 6.1.19, 6.1.20, 6.1.21, 6.1.22, 6.1.23, 6.1.24, 6.1.25, 6.1.26, 6.1.27, 6.1.28, 6.1.29, 6.1.30, 6.1.31, 6.1.32, 6.1.33, 6.1.34, 6.1.35, 6.1.36, 6.1.37, 6.1.38, 6.1.39, 6.1.40, 6.1.41, 6.1.42, 6.1.43, 6.1.44, 6.1.45, 6.1.46, 6.1.47, 6.1.48, 6.1.49, 6.1.50, 6.1.51, 6.1.52, 6.1.53, 6.1.54, 6.1.55, 6.1.56, 6.1.57, 6.1.58, 6.1.59, 6.1.60, 6.1.61, 6.1.62, 6.1.63, 6.1.64, 6.1.65, 6.1.66, 6.1.67, 6.1.68, 6.1.69, 6.1.70, 6.1.71, 6.1.72, 6.1.73, 6.1.74, 6.1.75, 6.1.76, 6.1.77, 6.1.78, 6.1.79, 6.1.80, 6.1.81, 6.1.82, 6.1.83, 6.1.84, 6.1.85, 6.1.86, 6.1.87, 6.1.88, 6.1.89, 6.1.90, 6.1.91, 6.1.92, 6.1.93, 6.1.94, 6.1.95, 6.1.96, 6.1.97, 6.1.98, 6.1.99, 6.1.100, 6.1.101, 6.1.102, 6.1.103, 6.1.104, 6.1.105, 6.1.106, 6.1.107, 6.1.108, 6.1.109, 6.1.110, 6.1.111, 6.1.112, 6.1.113, 6.1.114, 6.1.115, 6.1.116, 6.1.117, 6.1.118, 6.1.119, 6.1.121, 6.1.122, 6.6, 6.6 rc1, 6.6 rc2, 6.6 rc3, 6.6 rc4, 6.6 rc5, 6.6 rc6, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 6.6.13, 6.6.14, 6.6.15, 6.6.16, 6.6.17, 6.6.18, 6.6.19, 6.6.20, 6.6.21, 6.6.22, 6.6.23, 6.6.24, 6.6.25, 6.6.26, 6.6.27, 6.6.28, 6.6.29, 6.6.30, 6.6.31, 6.6.32, 6.6.33, 6.6.34, 6.6.35, 6.6.36, 6.6.37, 6.6.38, 6.6.39, 6.6.40, 6.6.41, 6.6.42, 6.6.43, 6.6.44, 6.6.45, 6.6.46, 6.6.47, 6.6.48, 6.6.49, 6.6.50, 6.6.51, 6.6.52, 6.6.53, 6.6.54, 6.6.55, 6.6.56, 6.6.57, 6.6.58, 6.6.59, 6.10, 6.10.1, 6.10.2, 6.10.3, 6.10.4, 6.10.5, 6.10.6, 6.10.7, 6.10.8, 6.10.9, 6.10.10, 6.10.11, 6.10.12, 6.10.13, 6.11, 6.11.1, 6.11.2

External links
https://git.kernel.org/stable/c/3104bddc666ff64b90491868bbc4c7ebdd90aedf
https://git.kernel.org/stable/c/05095271a4fb0f6497121a057f9a2edf386d5d96
https://git.kernel.org/stable/c/fd70e9f1d85f5323096ad313ba73f5fe3d15ea41
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.120
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.123
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.60

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for linux-azure-nvidia

Ubuntu update for linux-azure-6.8

Ubuntu update for linux-azure

Ubuntu update for linux-hwe-6.8

Ubuntu update for linux-ibm

Ubuntu update for linux-oem-6.8

Ubuntu update for linux-gcp-6.8

Ubuntu update for linux-aws

Ubuntu update for linux-oem-6.11

Ubuntu update for linux-oracle