#VU90296 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90296

Vulnerability risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47277

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error in include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3098b86390a6b9ea52657689f08410baf130ceff
http://git.kernel.org/stable/c/740621309b25bbf619b8a0ba5fd50a8e58989441
http://git.kernel.org/stable/c/361ce3b917aff93123e9e966d8608655c967f438
http://git.kernel.org/stable/c/22b87fb17a28d37331bb9c1110737627b17f6781
http://git.kernel.org/stable/c/bff1fbf0cf0712686f1df59a83fba6e31d2746a0
http://git.kernel.org/stable/c/7af299b97734c7e7f465b42a2139ce4d77246975
http://git.kernel.org/stable/c/ed0e2a893092c7fcb4ff7ba74e5efce53a6f5940
http://git.kernel.org/stable/c/da27a83fd6cc7780fea190e1f5c19e87019da65c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

