Improper locking in Linux kernel md driver



Updated: 2025-05-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-35805
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU91519

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35805

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c, which a local user can use to perform a denial of service (DoS) attack.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: 5.4 - 6.8.2

External links

https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e
https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c
https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7
https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1
https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2
https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366
https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683
https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.215
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.154
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.274
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.84
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.24
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.3
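
A version triage helper for the mitigation step, added here as an example and not part of the original bulletin: it compares a kernel release string with the point release named by each ChangeLog link above, on the assumption that those releases are the first to carry the fix. The function names are hypothetical, and because distribution kernels often backport fixes without changing the upstream version, an "affected" result means the vendor's advisory still has to be checked.

```shell
#!/bin/sh
# Added example, not part of the bulletin. Assumption: each ChangeLog link
# on this page names the first fixed point release of its stable branch.

# Print the fixed patch level for a stable branch (e.g. "6.1" -> 84).
fixed_patch_for_branch() {
    case "$1" in
        5.4)  echo 274 ;;
        5.10) echo 215 ;;
        5.15) echo 154 ;;
        6.1)  echo 84 ;;
        6.6)  echo 24 ;;
        6.7)  echo 12 ;;
        6.8)  echo 3 ;;
    esac
}

# Classify a release string such as "6.1.55-generic".
# Prints: fixed, affected, or unknown (unparsable or older than 5.4).
cve_2024_35805_status() {
    release=${1%%[-+_]*}              # drop distro/local suffix
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%.*}
    case "$rest" in
        *.*) patch=${rest#*.}; patch=${patch%%.*} ;;
        *)   patch=0 ;;
    esac
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    fixed=$(fixed_patch_for_branch "$major.$minor")
    key=$((major * 1000 + minor))
    if [ -n "$fixed" ]; then
        if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo affected; fi
    elif [ "$key" -lt 5004 ]; then
        echo unknown                  # below the range the page lists
    elif [ "$key" -gt 6008 ]; then
        echo fixed                    # assumed: newer than listed range 5.4 - 6.8.2
    else
        echo affected                 # in range, no fixed release listed
    fi
}

# Stand-alone use: classify the given release, or the running kernel.
cve_2024_35805_status "${1:-$(uname -r)}"
```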


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


