#VU90531 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90531
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_ses_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/87cdb8789c38e44ae5454aafe277997c950d00ed
http://git.kernel.org/stable/c/69bb79a8f5bb9f436b6f1434ca9742591b7bbe18
http://git.kernel.org/stable/c/811a7576747760bcaf60502f096d1e6e91d566fa
http://git.kernel.org/stable/c/3b861a40325eac9c4c13b6c53874ad90617e944d
http://git.kernel.org/stable/c/48fcd08fdbe05e35b650a252ec2a2d96057a1c7a
http://git.kernel.org/stable/c/83ea620a1be840bf05089a5061fb8323ca42f38c
http://git.kernel.org/stable/c/fae9705d281091254d4a81fa2da9d22346097dca
http://git.kernel.org/stable/c/4cd8371a234d051f9c9557fcbb1f8c523b1c0d10
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
