#VU90318 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90318

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26981

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error involving nilfs_type_by_mode[] in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/bdbe483da21f852c93b22557b146bc4d989260f0
http://git.kernel.org/stable/c/897ac5306bbeb83e90c437326f7044c79a17c611
http://git.kernel.org/stable/c/2382eae66b196c31893984a538908c3eb7506ff9
http://git.kernel.org/stable/c/90823f8d9ecca3d5fa6b102c8e464c62f416975f
http://git.kernel.org/stable/c/c4a7dc9523b59b3e73fd522c73e95e072f876b16
http://git.kernel.org/stable/c/054f29e9ca05be3906544c5f2a2c7321c30a4243
http://git.kernel.org/stable/c/90f43980ea6be4ad903e389be9a27a2a0018f1c8
http://git.kernel.org/stable/c/7061c7efbb9e8f11ce92d6b4646405ea2b0b4de1


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

