Vulnerability identifier: #VU93864
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713
http://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8
http://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a
http://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25
http://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3
http://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1
http://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4
http://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69ae37829
http://lists.debian.org/debian-lts-announce/2024/06/msg00017.html
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.