#VU89675 Buffer overflow in Linux kernel


Published: 2024-05-20

Vulnerability identifier: #VU89675

Vulnerability risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27401

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98
http://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285
http://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239
http://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb
http://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b
http://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f
http://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa
http://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

