Vulnerability identifier: #VU90350
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read in the nci_activate_target() function in net/nfc/nci/core.c, which a local user can trigger to cause a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53
http://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729
http://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb
http://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802
http://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213
http://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848
http://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c21521da
http://git.kernel.org/stable/c/354a6e707e29cb0c007176ee5b8db8be7bd2dee0
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.