Vulnerability identifier: #VU90435
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference in drivers/usb/dwc2/hcd.c. A local user can trigger it to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/14c9ec34e8118fbffd7f5431814d767726323e72
http://git.kernel.org/stable/c/fed492aa6493a91a77ebd51da6fb939c98d94a0d
http://git.kernel.org/stable/c/64c47749fc7507ed732e155c958253968c1d275e
http://git.kernel.org/stable/c/bdb3dd4096302d6b87441fdc528439f171b04be6
http://git.kernel.org/stable/c/fcaafb574fc88a52dce817f039f7ff2f9da38001
http://git.kernel.org/stable/c/6b21a22728852d020a6658d39cd7bb7e14b07790
http://git.kernel.org/stable/c/3e851a77a13ce944d703721793f49ee82622986d
http://git.kernel.org/stable/c/a7bee9598afb38004841a41dd8fe68c1faff4e90
http://git.kernel.org/stable/c/ef307bc6ef04e8c1ea843231db58e3afaafa9fa6
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.