#VU89245 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU89245
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unpack_profile() function in security/apparmor/policy_unpack.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e
http://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf
http://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87
http://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4
http://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45
http://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203
http://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e
http://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
