Improper locking in Linux kernel - CVE-2024-38780
Published: June 21, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU93034
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-38780
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.
How to mitigate CVE-2024-38780
Install update from vendor's website.
Sources
- https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a
- https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed
- https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8
- https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878
- https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a
- https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef
- https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e
- https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.316
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.219
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.161
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.278
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.33