#VU99451 Improper locking in Linux kernel - CVE-2024-50082
Vulnerability identifier: #VU99451
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rq_qos_wake_function() function in block/blk-rq-qos.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/3bc6d0f8b70a9101456cf02ab99acb75254e1852
http://git.kernel.org/stable/c/455a469758e57a6fe070e3e342db12e4a629e0eb
http://git.kernel.org/stable/c/b5e900a3612b69423a0e1b0ab67841a1fb4af80f
http://git.kernel.org/stable/c/4c5b123ab289767afe940389dbb963c5c05e594e
http://git.kernel.org/stable/c/04f283fc16c8d5db641b6bffd2d8310aa7eccebc
http://git.kernel.org/stable/c/e972b08b91ef48488bae9789f03cfedb148667fb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
