No Limit on Number of Open Sessions Leads to Memory Exhaustion and Impacts Availability
CVE-2024-1930
What is CVE-2024-1930?
A session management flaw exists in the DNF5 Daemon Server, allowing malicious users to create an unlimited number of open sessions via the open_session() D-Bus method. This behavior results in the generation of multiple threads, each consuming significant memory resources. As the number of sessions grows, the system approaches its memory limits, which ultimately prevents new connections from being established. This may lead to service unavailability, impacting the overall performance of applications reliant on the DNF5 Daemon Server. The vulnerability is significant as it highlights potential risks associated with resource exhaustion in multi-threaded environments.
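One way a D-Bus service can bound the growth described above is to enforce a per-caller and a global session cap before any per-session thread is created. The following is an added illustration, not DNF5's code or its actual fix; the `SessionRegistry` class, its method names, the cap values and the session id format are assumptions.

```cpp
#include <cstddef>
#include <map>
#include <mutex>
#include <string>

// Hypothetical registry: class name, caps and id format are assumptions, not DNF5's.
class SessionRegistry {
public:
    SessionRegistry(std::size_t per_sender_cap, std::size_t global_cap)
        : per_sender_cap_(per_sender_cap), global_cap_(global_cap) {}
    // Run in the open_session() handler BEFORE allocating a thread for the session.
    // Returns the new session id, or an empty string when a cap would be exceeded.
    std::string open_session(const std::string& sender) {
        std::lock_guard<std::mutex> lock(mu_);
        auto it = per_sender_.find(sender);
        std::size_t held = (it == per_sender_.end()) ? 0 : it->second;
        if (owner_.size() >= global_cap_ || held >= per_sender_cap_) return std::string();
        std::string id = "/session/" + std::to_string(next_id_++);
        owner_[id] = sender;
        per_sender_[sender] = held + 1;
        return id;
    }
    // Only the sender that opened a session may close it and free the slot.
    bool close_session(const std::string& sender, const std::string& id) {
        std::lock_guard<std::mutex> lock(mu_);
        auto it = owner_.find(id);
        if (it == owner_.end() || it->second != sender) return false;
        owner_.erase(it);
        auto c = per_sender_.find(sender);
        if (--c->second == 0) per_sender_.erase(c);
        return true;
    }
    // Reclaim slots when the bus reports the sender gone (NameOwnerChanged signal).
    std::size_t drop_sender(const std::string& sender) {
        std::lock_guard<std::mutex> lock(mu_);
        std::size_t removed = 0;
        for (auto it = owner_.begin(); it != owner_.end();) {
            if (it->second == sender) { it = owner_.erase(it); ++removed; } else { ++it; }
        }
        per_sender_.erase(sender);
        return removed;
    }
    std::size_t active() const { std::lock_guard<std::mutex> lock(mu_); return owner_.size(); }
private:
    std::size_t per_sender_cap_, global_cap_, next_id_ = 1;
    mutable std::mutex mu_;
    std::map<std::string, std::string> owner_;      // session id -> sender bus name
    std::map<std::string, std::size_t> per_sender_; // sender bus name -> open sessions
};
```

Releasing slots on sender disconnect matters as much as the cap itself: without it, clients that exit without closing their sessions would hold the quota until the service restarts.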

Affected Version(s)
dnf5daemon-server Linux 5.1.16<=
