#VU95020 Improper error handling in Linux kernel - CVE-2024-41034
Published: July 31, 2024 / Updated: May 12, 2025
Vulnerability identifier: #VU95020
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-41034
CWE-ID: CWE-388
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_dotdot() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
External links
- https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703
- https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e
- https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b
- https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d
- https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231
- https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd
- https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5
- https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.318
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.222
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.163
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.280
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.41