#VU93769 Improper locking in Linux kernel - CVE-2024-26667


| Updated: 2025-05-13

Vulnerability identifier: #VU93769

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26667

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dpu_encoder_helper_phys_cleanup() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Linux kernel: 6.1 - 6.1.77, 6.6 - 6.6.16, 6.7 - 6.7.4, 6.8 rc1 - 6.8 rc5

External links
https://git.kernel.org/stable/c/fb8bfc6ea3cd8c5ac3d35711d064e2f6646aec17
https://git.kernel.org/stable/c/79592a6e7bdc1d05460c95f891f5e5263a107af8
https://git.kernel.org/stable/c/eb4f56f3ff5799ca754ae6d811803a63fe25a4a2
https://git.kernel.org/stable/c/7f3d03c48b1eb6bc45ab20ca98b8b11be25f9f52
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.78
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.17
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.5
https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM Security Guardium
Multiple vulnerabilities in IBM QRadar SIEM
Ubuntu update for linux-oem-6.5
Ubuntu update for linux-aws-6.5
Ubuntu update for linux-hwe-6.5
Ubuntu update for linux-azure-6.5
Ubuntu update for linux
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel
SUSE update for the Linux Kernel