Improper error handling in Linux kernel block driver
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-27025 |
| CWE-ID | CWE-388 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper error handling
EUVDB-ID: #VU93453
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27025
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.4 - 6.8.1
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.4.7:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e
https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced
https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797
https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8
https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983
https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf
https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a
https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
