#VU100135 Use of uninitialized resource in Linux kernel - CVE-2024-50173
Vulnerability identifier: #VU100135
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tick_ctx_cleanup() function in drivers/gpu/drm/panthor/panthor_sched.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: 6.10, 6.10.1, 6.10.2, 6.10.3, 6.10.4, 6.10.5, 6.10.6, 6.10.7, 6.10.8, 6.10.9, 6.10.10, 6.10.11, 6.10.12, 6.10.13, 6.11, 6.11.1, 6.11.2
External links
https://git.kernel.org/stable/c/ac2ca5e5148a0d4d78ac01c2d8348d0757c7367f
https://git.kernel.org/stable/c/3bde05794497d5f426d4ea2ecb9868bf7721fb24
https://git.kernel.org/stable/c/282864cc5d3f144af0cdea1868ee2dc2c5110f0d
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.14
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
