#VU87343 Buffer overflow in Linux kernel


Vulnerability identifier: #VU87343

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52606

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the fp/vmx code in powerpc/lib/sstep.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414
http://git.kernel.org/stable/c/0580f4403ad33f379eef865c2a6fe94de37febdf
http://git.kernel.org/stable/c/beee482cc4c9a6b1dcffb2e190b4fd8782258678
http://git.kernel.org/stable/c/de4f5ed63b8a199704d8cdcbf810309d7eb4b36b
http://git.kernel.org/stable/c/abd26515d4b767ba48241eea77b28ce0872aef3e
http://git.kernel.org/stable/c/28b8ba8eebf26f66d9f2df4ba550b6b3b136082c
http://git.kernel.org/stable/c/848e1d7fd710900397e1d0e7584680c1c04e3afd
http://git.kernel.org/stable/c/8f9abaa6d7de0a70fc68acaedce290c1f96e2e59


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

