Resource management error in Linux kernel ipv4
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-50083 |
| CWE-ID | CWE-399 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Resource management error
EUVDB-ID: #VU99458
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-50083
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcp_can_coalesce_send_queue_head() function in net/ipv4/tcp_output.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsLinux kernel: 5.10 - 6.11.4
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:5.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10:rc7:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:5.10.3:*:*:*:*:*:*:*
https://git.kernel.org/stable/c/c38add9ac0e4d4f418e6443a688491499021add9
https://git.kernel.org/stable/c/9729010a0ac5945c1bf6847dd0778d8a1a4b72ac
https://git.kernel.org/stable/c/ba8e65814e519eeb17d086952bce7de93f7a40da
https://git.kernel.org/stable/c/229dfdc36f31a8d47433438bc0e6e1662c4ab404
https://git.kernel.org/stable/c/db04d1848777ae52a7ab93c4591e7c0bf8f55fb4
https://git.kernel.org/stable/c/4dabcdf581217e60690467a37c956a5b8dbc6bd9
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.228
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.169
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.114
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.58
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
