#VU90428 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90428
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6779_apmixed_probe() and clk_mt6779_top_probe() functions in drivers/clk/mediatek/clk-mt6779.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/fbe466f06d4ea18745da0d57540539b7b36936ae
http://git.kernel.org/stable/c/3994387ba3564976731179c4d4a6d7850ddda71a
http://git.kernel.org/stable/c/ca6d565a2319d69d9766e6ecbb5af827fc4afb2b
http://git.kernel.org/stable/c/df1c4a9efa3f5b6fb5e0ae63890230dbe2190b7e
http://git.kernel.org/stable/c/a90239551abc181687f8c0ba60b276f7d75c141e
http://git.kernel.org/stable/c/f6a7c51cf07a399ec067d39f0a22f1817c5c7d2b
http://git.kernel.org/stable/c/1f57f78fbacf630430bf954e5a84caafdfea30c0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
