#VU90460 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90460
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_mt6765_apmixed_probe(), clk_mt6765_top_probe() and clk_mt6765_ifr_probe() functions in drivers/clk/mediatek/clk-mt6765.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/2617aa8ceaf30e41d3eb7f5fef3445542bef193a
http://git.kernel.org/stable/c/533ca5153ad6c7b7d47ae0114b14d0333964b946
http://git.kernel.org/stable/c/dd1f30d68fa98eb672c0a259297b761656a9025f
http://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480
http://git.kernel.org/stable/c/b5ff3e89b4e7f46ad2aa0de7e08d18e6f87d71bc
http://git.kernel.org/stable/c/b82681042724924ae3ba0f2f2eeec217fa31e830
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
