SB2024060386 - Improper locking in Linux kernel block aoe driver
Published: June 3, 2024 Updated: May 14, 2025
Security Bulletin ID
SB2024060386
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-26775)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoeblk_gdalloc() function in drivers/block/aoe/aoeblk.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26
- https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c
- https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77
- https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8