#VU90320 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90320
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b80ba648714e6d790d69610cf14656be222d0248
http://git.kernel.org/stable/c/3160d9734453a40db248487f8204830879c207f1
http://git.kernel.org/stable/c/0977f89722eceba165700ea384f075143f012085
http://git.kernel.org/stable/c/c119f4ede3fa90a9463f50831761c28f989bfb20
http://git.kernel.org/stable/c/da21401372607c49972ea87a6edaafb36a17c325
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
