#VU90354 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU90354
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_rhash_destroy() function in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/2824cafc6a93792d9ad85939c499161214d84c4b
http://git.kernel.org/stable/c/efcd730ddd6f25578bd31bfe703e593e2421d708
http://git.kernel.org/stable/c/c77e2ef18167ad334e27610ced9a7f6af5ec1787
http://git.kernel.org/stable/c/72b49dd116ca00a46a11d5a4d8d7987f05ed9cd7
http://git.kernel.org/stable/c/1e8ab479cfbe5751efccedb95afb9b112a5ba475
http://git.kernel.org/stable/c/a388d10961ff8578b1a6691945d406c0f33aa71b
http://git.kernel.org/stable/c/a54754ec9891830ba548e2010c889e3c8146e449
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
