Improper locking in Linux kernel intel ice driver

1) Improper locking

EUVDB-ID: #VU91525

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26854

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ice_dpll_init() function in drivers/net/ethernet/intel/ice/ice_dpll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.7 - 6.8 rc5

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:6.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc1:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc2:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc3:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc5:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc6:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7:rc7:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7.1:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7.2:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:6.7.3:*:*:*:*:*:*:*

External links

https://git.kernel.org/stable/c/db29ceff3e25c48907016da456a7cbee6310fd83
https://git.kernel.org/stable/c/9224fc86f1776193650a33a275cac628952f80a9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.