#VU90335 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90335
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the create_core_data() function in drivers/hwmon/coretemp.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/93f0f4e846fcb682c3ec436e3b2e30e5a3a8ee6a
http://git.kernel.org/stable/c/1eb74c00c9c3b13cb65e508c5d5a2f11afb96b8b
http://git.kernel.org/stable/c/f0da068c75c20ffc5ba28243ff577531dc2af1fd
http://git.kernel.org/stable/c/a16afec8e83c56b14a4a73d2e3fb8eec3a8a057e
http://git.kernel.org/stable/c/9bce69419271eb8b2b3ab467387cb59c99d80deb
http://git.kernel.org/stable/c/853a6503c586a71abf27e60a7f8c4fb28092976d
http://git.kernel.org/stable/c/3a7753bda55985dc26fae17795cb10d825453ad1
http://git.kernel.org/stable/c/4e440abc894585a34c2904a32cd54af1742311b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
