5.5

CVE-2024-0639

Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version <= 6.4.16
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.056
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-667 Improper Locking

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

CWE-833 Deadlock

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

https://access.redhat.com/security/cve/CVE-2024-0639
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2258754
Patch
Issue Tracking
https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a
Patch