#VU94269 Improper locking in Linux kernel - CVE-2024-40981
Published: July 13, 2024 / Updated: May 13, 2025
Vulnerability identifier: #VU94269
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-40981
CWE-ID: CWE-667
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the batadv_purge_orig_ref() function in net/batman-adv/originator.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11
- https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2
- https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030
- https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07
- https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16
- https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8
- https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a
- https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.36