CVE-2024-41009: Allocation of Resources Without Limits or Throttling in Linux

Severity
5.5 MEDIUM (NVD)
EPSS
0.0%
top 91.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 17
Latest update: Aug 14

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix overrunning reservations in ringbuf

The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 10 packages

Patches

🔴 Vulnerability Details (13)

OSV: linux-gkeop vulnerabilities, 2024-12-12
OSV: linux-azure-fde vulnerabilities, 2024-10-31
OSV: linux-aws-6.8, linux-oracle-6.8 vulnerabilities, 2024-10-11
OSV: linux-azure-fde-5.15 vulnerabilities, 2024-10-03
OSV: linux-raspi vulnerabilities, 2024-09-26

📋 Vendor Advisories (14)

CISA ICS: Siemens Third-Party Components in SINEC OS, 2025-08-14
Ubuntu: Linux kernel (GKE) vulnerabilities, 2024-12-12
Ubuntu: Linux kernel vulnerabilities, 2024-10-31
Ubuntu: Linux kernel vulnerabilities, 2024-10-11
Ubuntu: Linux kernel vulnerabilities, 2024-10-03