Vulnerability identifier: #VU89387
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the neigh_periodic_work() function in net/core/neighbour.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/95eabb075a5902f4c0834ab1fb12dc35730c05af
http://git.kernel.org/stable/c/2ea52a2fb8e87067e26bbab4efb8872639240eb0
http://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa
http://git.kernel.org/stable/c/f82aac8162871e87027692b36af335a2375d4580
http://git.kernel.org/stable/c/a75152d233370362eebedb2643592e7c883cc9fc
http://git.kernel.org/stable/c/25563b581ba3a1f263a00e8c9a97f5e7363be6fd
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.