SB2024070711 - Resource management error in Linux kernel fs

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource management error (CVE-ID: CVE-2024-26764)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f
• https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942
• https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f
• https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353
• https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487
• https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7
• https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6
• https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760
• https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.150
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8