Vulnerability identifier: #VU90308
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlxbf_gige_open() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a583117668ddb86e98f2e11c7caa3db0e6df52a3
http://git.kernel.org/stable/c/24444af5ddf729376b90db0f135fa19973cb5dab
http://git.kernel.org/stable/c/867a2f598af6a645c865d1101b58c5e070c6dd9e
http://git.kernel.org/stable/c/8feb1652afe9c5d019059a55c90f70690dce0f52
http://git.kernel.org/stable/c/f7442a634ac06b953fc1f7418f307b25acd4cfbc
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.