#VU90285 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90285
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dbMount() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01
http://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc
http://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1
http://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907
http://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f
http://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6
http://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45
http://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e93c4934b
http://git.kernel.org/stable/c/525b861a008143048535011f3816d407940f4bfa
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
