#VU89257 Buffer overflow in Linux kernel
Vulnerability identifier: #VU89257
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57
http://git.kernel.org/stable/c/33e03adafb29eedae1bae9cdb50c1385279fcf65
http://git.kernel.org/stable/c/a1700479524bb9cb5e8ae720236a6fabd003acae
http://git.kernel.org/stable/c/cec4e857ffaa8c447f51cd8ab4e72350077b6770
http://git.kernel.org/stable/c/cc2edb99ea606a45182b5ea38cc8f4e583aa0774
http://git.kernel.org/stable/c/c8d5faee46242c3f33b8a71a4d7d52214785bfcc
http://git.kernel.org/stable/c/0a31dd6fd2f4e7db538fb6eb1f06973d81f8dd3b
http://git.kernel.org/stable/c/6bba4471f0cc1296fe3c2089b9e52442d3074b2e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
