Improper locking in Linux kernel m68k kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-38613 |
| CWE-ID | CWE-667 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper locking
EUVDB-ID: #VU92359
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-38613
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/m68k/kernel/entry.S. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 4.19 - 6.8.11
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:4.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.19.9:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/2a8d1d95302c7d52c6ac8fa5cb4a6948ae0d3a14
https://git.kernel.org/stable/c/5213cc01d0464c011fdc09f318705603ed3a746b
https://git.kernel.org/stable/c/4eeffecc8e3cce25bb559502c2fd94a948bcde82
https://git.kernel.org/stable/c/77b2b67a0f8bce260c53907e5749d61466d90c87
https://git.kernel.org/stable/c/0d9ae1253535f6e85a016e09c25ecbe6f7f59ef0
https://git.kernel.org/stable/c/f3baf0f4f92af32943ebf27b960e0552c6c082fd
https://git.kernel.org/stable/c/f1d4274a84c069be0f6098ab10c3443fc1f7134c
https://git.kernel.org/stable/c/95f00caf767b5968c2c51083957b38be4748a78a
https://git.kernel.org/stable/c/da89ce46f02470ef08f0f580755d14d547da59ed
https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
