Denial of service in Linux kernel powerpc



Updated: 2025-05-13
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-26847
CWE-ID: CWE-667
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU92086

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26847

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.

The vulnerability exists due to an error in arch/powerpc/kernel/rtas.c caused by the use of an incorrect function name. A local user can perform a denial of service (DoS) attack.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: 6.6 - 6.8 rc5

External links

https://git.kernel.org/stable/c/6b6282d56b14879124416a23837af9bd52ae2dfb
https://git.kernel.org/stable/c/dd63817baf334888289877ab1db1d866af2a6479
https://git.kernel.org/stable/c/fad87dbd48156ab940538f052f1820f4b6ed2819
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.21
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.9
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


