#VU90342 Out-of-bounds read in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90342

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52604

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the dbAdjTree() function in fs/jfs/jfs_dmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15
http://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56
http://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b
http://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b
http://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03
http://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd
http://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9
http://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
