#VU93453 Improper error handling in Linux kernel - CVE-2024-27025

Cybersecurity Help s.r.o.

Published: 2024-06-27 | Updated: 2025-05-13

Vulnerability identifier: #VU93453

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-27025

CWE-ID: CWE-388

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nbd_genl_status() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.4 - 5.4.272, 5.10 - 5.10.213, 5.15 - 5.15.152, 6.1 - 6.1.82, 6.6 - 6.6.22, 6.7 - 6.7.10, 6.8 - 6.8.1

External links
https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e
https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced
https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797
https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8
https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983
https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf
https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e308596a
https://git.kernel.org/stable/c/31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.214
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.153
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.273
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.83
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.23
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.11
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8.2

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17

Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16

Red Hat Enterprise Linux 9 update for kernel

Multiple vulnerabilities in IBM Integrated Analytics System

Dell RecoverPoint for Virtual Machines update for third-party components

Dell SmartFabric Storage Software update for third-party components

Anolis OS update for kernel

Multiple vulnerabilities in Dell Secure Connect Gateway

Multiple vulnerabilities in IBM Security Guardium

Multiple vulnerabilities in IBM Technical Support Appliance