#VU90266 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90266
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147
http://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd
http://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4
http://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9
http://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32
http://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91
http://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35
http://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
