#VU90430 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90430
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/c7dc0aca5962fb37dbea9769dd26ec37813faae1
http://git.kernel.org/stable/c/2381f6b628b3214f07375e0adf5ce17093c31190
http://git.kernel.org/stable/c/79813cd59398015867d51e6d7dcc14d287d4c402
http://git.kernel.org/stable/c/4fa930ba046d20fc1899770396ee11e905fa96e4
http://git.kernel.org/stable/c/8a9dd36fcb4f3906982b82593393578db4479992
http://git.kernel.org/stable/c/924e5814d1f84e6fa5cb19c6eceb69f066225229
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
