SB20241022142 - Improper locking in Linux kernel net
Published: October 22, 2024 Updated: May 12, 2025
Security Bulletin ID
SB20241022142
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper locking (CVE-ID: CVE-2024-47678)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the icmpv6_mask_allow(), icmpv6_global_allow(), icmpv6_xrlim_allow(), icmp6_send() and icmpv6_echo_reply() functions in net/ipv6/icmp.c, within the __SPIN_LOCK_UNLOCKED(), icmpv4_mask_allow(), icmpv4_global_allow(), icmpv4_xrlim_allow(), icmp_reply() and __icmp_send() functions in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/997ba8889611891f91e8ad83583466aeab6239a3
- https://git.kernel.org/stable/c/662ec52260cc07b9ae53ecd3925183c29d34288b
- https://git.kernel.org/stable/c/a7722921adb046e3836eb84372241f32584bdb07
- https://git.kernel.org/stable/c/483397b4ba280813e4a9c161a0a85172ddb43d19
- https://git.kernel.org/stable/c/8c2bd38b95f75f3d2a08c93e35303e26d480d24e
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.10.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.11.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.54