#VU90421 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90421

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52789

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vcc_probe() and vcc_table_remove() functions in drivers/tty/vcc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3
http://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200
http://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac
http://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc
http://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06
http://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2
http://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9
http://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2aba76d3a
http://git.kernel.org/stable/c/d81ffb87aaa75f842cd7aa57091810353755b3e6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

