SUSE update for the Linux Kernel

Published: 2021-05-13

Risk	Low
Patch available	YES
Number of vulnerabilities	7
CVE-ID	CVE-2020-36310 CVE-2020-36312 CVE-2020-36322 CVE-2021-28950 CVE-2021-29155 CVE-2021-29650 CVE-2021-3444
CWE-ID	CWE-835 CWE-401 CWE-404 CWE-834 CWE-125 CWE-119
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #5 is available.
Vulnerable software	SUSE Linux Enterprise High Availability Operating systems & Components / Operating system SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Workstation Extension Operating systems & Components / Operating system SUSE Linux Enterprise Software Development Kit Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component kgraft-patch-4_12_14-122_71-default Operating systems & Components / Operating system package or component kernel-default-kgraft-devel Operating systems & Components / Operating system package or component kernel-default-kgraft Operating systems & Components / Operating system package or component kernel-default-man Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-default-base-debuginfo Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component kernel-default-extra-debuginfo Operating systems & Components / Operating system package or component kernel-default-extra Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Infinite loop

EUVDB-ID: #VU61272

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36310

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in set_memory_region_test in arch/x86/kvm/svm/svm.c. A local user can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU67183

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36312

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists in the KVM hypervisor of the Linux kernel. A local user can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper Resource Shutdown or Release

EUVDB-ID: #VU59473

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-36322

CWE-ID: CWE-404 - Improper Resource Shutdown or Release

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the FUSE filesystem implementation in the Linux kernel due to fuse_do_getattr() calls make_bad_inode() in inappropriate situations. A local user can run a specially crafted program to trigger kernel crash.

Note, the vulnerability exists due to incomplete fix for #VU58207 (CVE-2021-28950).

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Excessive Iteration

EUVDB-ID: #VU58207

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-28950

CWE-ID: CWE-834 - Excessive Iteration

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to excessive iteration in fs/fuse/fuse_i.h in the Linux kernel. A local user can run a specially crafted program to perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

EUVDB-ID: #VU67490

Risk: Low

CVSSv4.0: 5.2 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2021-29155

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: Yes

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in retrieve_ptr_limit in kernel/bpf/verifier.c in the Linux kernel mechanism. A local, special user privileged (CAP_SYS_ADMIN) BPF program running on affected systems may bypass the protection, and execute speculatively out-of-bounds loads from the kernel memory.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Buffer overflow

EUVDB-ID: #VU56240

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-29650

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the netfilter subsystem in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h. A local user can trigger memory corruption upon the assignment of a new table value and cause denial of service.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU90368

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3444

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the fixup_bpf_calls() function in kernel/bpf/verifier.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Availability: 12-SP5

SUSE Linux Enterprise Live Patching: 12-SP5

SUSE Linux Enterprise Workstation Extension: 12-SP5

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

ocfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

ocfs2-kmp-default: before 4.12.14-122.71.1

gfs2-kmp-default-debuginfo: before 4.12.14-122.71.1

gfs2-kmp-default: before 4.12.14-122.71.1

dlm-kmp-default-debuginfo: before 4.12.14-122.71.1

dlm-kmp-default: before 4.12.14-122.71.1

cluster-md-kmp-default-debuginfo: before 4.12.14-122.71.1

cluster-md-kmp-default: before 4.12.14-122.71.1

kgraft-patch-4_12_14-122_71-default: before 1-8.5.1

kernel-default-kgraft-devel: before 4.12.14-122.71.1

kernel-default-kgraft: before 4.12.14-122.71.1

kernel-default-man: before 4.12.14-122.71.1

kernel-default-devel-debuginfo: before 4.12.14-122.71.1

kernel-source: before 4.12.14-122.71.1

kernel-macros: before 4.12.14-122.71.1

kernel-devel: before 4.12.14-122.71.1

kernel-syms: before 4.12.14-122.71.1

kernel-default-devel: before 4.12.14-122.71.1

kernel-default-base-debuginfo: before 4.12.14-122.71.1

kernel-default-base: before 4.12.14-122.71.1

kernel-default: before 4.12.14-122.71.1

kernel-docs: before 4.12.14-122.71.1

kernel-obs-build-debugsource: before 4.12.14-122.71.2

kernel-obs-build: before 4.12.14-122.71.2

kernel-default-extra-debuginfo: before 4.12.14-122.71.1

kernel-default-extra: before 4.12.14-122.71.1

kernel-default-debugsource: before 4.12.14-122.71.1

kernel-default-debuginfo: before 4.12.14-122.71.1

CPE2.3

External links

https://www.suse.com/support/update/announcement/2021/suse-su-20211595-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.