#VU90396 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90396

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47542

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the qlcnic_83xx_add_rings() function in drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3a061d54e260b701b538873b43e399d9b8b83e03
http://git.kernel.org/stable/c/b4f217d6fcc00c3fdc0921a7691f30be7490b073
http://git.kernel.org/stable/c/550658a2d61e4eaf522c8ebc7fad76dc376bfb45
http://git.kernel.org/stable/c/57af54a56024435d83e44c78449513b414eb6edf
http://git.kernel.org/stable/c/bbeb0325a7460ebf1e03f5e0bfc5c652fba9519f
http://git.kernel.org/stable/c/15fa12c119f869173f9b710cbe6a4a14071d2105
http://git.kernel.org/stable/c/c5ef33c1489b2cd74368057fa00b5d2183bb5853
http://git.kernel.org/stable/c/e2dabc4f7e7b60299c20a36d6a7b24ed9bf8e572


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

