#VU89390 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU89390
Vulnerability risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/1779eb51b9cc628cee551f252701a85a2a50a457
http://git.kernel.org/stable/c/a7fb47b9711101d2405b0eb1276fb1f9b9b270c7
http://git.kernel.org/stable/c/c5f6478686bb45f453031594ae19b6c9723a780d
http://git.kernel.org/stable/c/b44dd92e2afd89eb6e9d27616858e72a67bdc1a7
http://git.kernel.org/stable/c/cd05eec2ee0cc396813a32ef675634e403748255
http://git.kernel.org/stable/c/2f0acb0736ecc3eb85dc80ad2790d634dcb10b58
http://git.kernel.org/stable/c/cac50d9f5d876be32cb9aa21c74018468900284d
http://git.kernel.org/stable/c/492032760127251e5540a5716a70996bacf2a3fd
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
