PT-2024-29243 · Linux+5 · Linux Kernel+5

Published

2024-06-14

·

Updated

2025-02-03

·

CVE-2024-41068

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.43
Description The vulnerability is related to the sclp init() function in the Linux kernel, which fails to properly clean up when it encounters an error. This can lead to the sclp state change event being added multiple times to the sclp reg list, resulting in a warning. The issue is caused by a resource management error in the sclp init() function. Exploitation of this vulnerability can cause a denial of service.
Recommendations To resolve the issue, update the Linux kernel to version 6.6.43 or later. As a temporary workaround, consider disabling the sclp init() function until a patch is available. However, this may have unintended consequences and should be carefully evaluated before implementation. At the moment, there is no information about other versions that contain a fix for this vulnerability.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399CWE-372

Related Identifiers

BDU:2025-01339
CVE-2024-41068
DLA-4008-1
DSA-5747-1
MGASA-2024-0277
MGASA-2024-0278
OESA-2024-2076
OESA-2024-2077
OESA-2024-2078
OESA-2024-2079
OESA-2024-2080
OPENSUSE-SU-2024_3190-1
OPENSUSE-SU-2024_3209-1
OPENSUSE-SU-2024_3483-1
SUSE-SU-2024:3189-1
SUSE-SU-2024:3190-1
SUSE-SU-2024:3194-1
SUSE-SU-2024:3195-1
SUSE-SU-2024:3209-1
SUSE-SU-2024:3251-1
SUSE-SU-2024:3252-1
SUSE-SU-2024:3383-1
SUSE-SU-2024:3483-1
SUSE-SU-2025:20044-1
SUSE-SU-2025:20047-1
USN-7088-1
USN-7088-2
USN-7088-3
USN-7088-4
USN-7088-5
USN-7089-1
USN-7089-2
USN-7089-3
USN-7089-4
USN-7089-5
USN-7089-6
USN-7089-7
USN-7090-1
USN-7095-1
USN-7100-1
USN-7100-2
USN-7119-1
USN-7123-1
USN-7144-1
USN-7156-1
USN-7194-1

Affected Products

Astra Linux
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu