SB2024071377 - Improper locking in Linux kernel base driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper locking (CVE-ID: CVE-2024-39501)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the uevent_show() function in drivers/base/core.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/bb3641a5831789d83a58a39ed4a928bcbece7080
• https://git.kernel.org/stable/c/13d25e82b6d00d743c7961dcb260329f86bedf7c
• https://git.kernel.org/stable/c/760603e30bf19d7b4c28e9d81f18b54fa3b745ad
• https://git.kernel.org/stable/c/ec772ed7cb21b46fb132f89241682553efd0b721
• https://git.kernel.org/stable/c/08891eeaa97c079b7f95d60b62dcf0e3ce034b69
• https://git.kernel.org/stable/c/a42b0060d6ff2f7e59290a26d5f162a3c6329b90
• https://git.kernel.org/stable/c/95d03d369ea647b89e950667f1c3363ea6f564e6
• https://git.kernel.org/stable/c/c0a40097f0bc81deafc15f9195d1fb54595cd6d0
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.317
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.221
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.162
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.279
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.95
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.26
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.14.5
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.35
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.89