#VU99178 Race condition in Linux kernel - CVE-2024-49935


Vulnerability identifier: #VU99178

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-49935

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the exit_round_robin() function in drivers/acpi/acpi_pad.c. A local user can exploit the race to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
https://git.kernel.org/stable/c/92e5661b7d0727ab912b76625a88b33fdb9b609a
https://git.kernel.org/stable/c/68a599da16ebad442ce295d8d2d5c488e3992822
https://git.kernel.org/stable/c/68a8e45743d6a120f863fb14b72dc59616597019
https://git.kernel.org/stable/c/03593dbb0b272ef7b0358b099841e65735422aca
https://git.kernel.org/stable/c/27c045f868f0e5052c6b532868a65e0cd250c8fc
https://git.kernel.org/stable/c/0a2ed70a549e61c5181bad5db418d223b68ae932


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

