#VU90289 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90289
Vulnerability risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the drivers/gpu/drm/amd/include/pptable.h, drivers/gpu/drm/amd/powerplay/hwmgr/pptable_v1_0.h. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e52e324a21341c97350d5f11de14721c1c609498
http://git.kernel.org/stable/c/cfd8cd907fd94538561479a43aea455f5cf16928
http://git.kernel.org/stable/c/c847379a5d00078ad6fcb1c24230e72c5609342f
http://git.kernel.org/stable/c/8af28ae3acb736ada4ce3457662fa446cc913bb4
http://git.kernel.org/stable/c/acdb6830de02cf2873aeaccdf2d9bca4aee50e47
http://git.kernel.org/stable/c/fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b
http://git.kernel.org/stable/c/6dffdddfca818c02a42b6caa1d9845995f0a1f94
http://git.kernel.org/stable/c/92a775e7c9707aed28782bafe636bf87675f5a97
http://git.kernel.org/stable/c/760efbca74a405dc439a013a5efaa9fadc95a8c3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
