#VU100076 Improper locking in Linux kernel - CVE-2024-50140


| Updated: 2025-05-12

Vulnerability identifier: #VU100076

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-50140

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the task_work_add() function in kernel/task_work.c, within the task_tick_mm_cid() function in kernel/sched/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.6 - 6.6.58, 6.11 - 6.11.5

External links
https://git.kernel.org/stable/c/509c29d0d26f68a6f6d0a05cb1a89725237e2b87
https://git.kernel.org/stable/c/ce0241ef83eed55f675376e8a3605d23de53d875
https://git.kernel.org/stable/c/73ab05aa46b02d96509cb029a8d04fca7bbde8c7
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.6
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.59

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Dell APEX Cloud Platform for Microsoft Azure update for third-party components
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
openEuler 24.03 LTS update for kernel
openEuler 24.03 LTS SP1 update for kernel
Dell SmartFabric Manager update for third-party components
Ubuntu update for linux-azure-nvidia
Dell APEX Cloud Platform for Red Hat OpenShift update for third-party components
Ubuntu update for linux-hwe-6.8