SB2024031373 - Local denial of service in Linux kernel memcg
Published: March 13, 2024
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2022-0480)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because memcg does not properly control consumption of internal resources within the filelock_init() function in fs/locks.c. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2049700
- https://github.com/kata-containers/kata-containers/issues/3373
- https://access.redhat.com/security/cve/CVE-2022-0480
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0f12156dff2862ac54235fc72703f18770769042
- https://ubuntu.com/security/CVE-2022-0480
- https://lore.kernel.org/linux-mm/20210902215519.AWcuVc3li%25akpm%40linux-foundation.org/