Infinite loop in Linux kernel sched



| Updated: 2025-05-11
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-58090
CWE-ID CWE-835
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Infinite loop

EUVDB-ID: #VU106127

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-58090

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the !defined() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.13 - 6.13.5

CPE2.3 External links

https://git.kernel.org/stable/c/0362847c520747b44b574d363705d8af0621727a
https://git.kernel.org/stable/c/1651f5731b378616565534eb9cda30e258cebebc
https://git.kernel.org/stable/c/288fdb8dcb71ec77b76ab8b8a06bc10f595ea504
https://git.kernel.org/stable/c/321794b75ac968f0bb6b9c913581949452a8d992
https://git.kernel.org/stable/c/68786ab0935ccd5721283b7eb7f4d2f2942c7a52
https://git.kernel.org/stable/c/82c387ef7568c0d96a918a5a78d9cad6256cfa15
https://git.kernel.org/stable/c/84586322e010164eedddfcd0a0894206ae7d9317
https://git.kernel.org/stable/c/b927c8539f692fb1f9c2f42e6c8ea2d94956f921
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.13.6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###