#VU90500 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90500
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/2f3d9ddd32a28803baa547e6274983b67d5e287c
http://git.kernel.org/stable/c/371566f63cbd0bb6fbb25b8fe9d5798268d35af9
http://git.kernel.org/stable/c/baea588a42d675e35daeaddd10fbc9700550bc4d
http://git.kernel.org/stable/c/3638705ecd5ad2785e996f820121c0ad15ce64b5
http://git.kernel.org/stable/c/80d505aee6398cf8beb72475c7edcf1733c1c68b
http://git.kernel.org/stable/c/21bf1414580c36ffc8d8de043beb3508cf812238
http://git.kernel.org/stable/c/aebed6b19e51a34003d998da5ebb1dfdd2cb1d02
http://git.kernel.org/stable/c/5150877e4d99f85057a458daac7cd7c01005d5c6
http://git.kernel.org/stable/c/fa236c2b2d4436d9f19ee4e5d5924e90ffd7bb43
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
