SB2024060352 - Improper locking in Linux kernel core
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024060352
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-35895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/f7990498b05ac41f7d6a190dc0418ef1d21bf058
- https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75
- https://git.kernel.org/stable/c/d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec
- https://git.kernel.org/stable/c/a44770fed86515eedb5a7c00b787f847ebb134a5
- https://git.kernel.org/stable/c/668b3074aa14829e2ac2759799537a93b60fef86
- https://git.kernel.org/stable/c/6af057ccdd8e7619960aca1f0428339f213b31cd
- https://git.kernel.org/stable/c/ff91059932401894e6c86341915615c5eb0eca48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.5