#VU90542 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90542
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/98e2b97acb875d65bdfc75fc408e67975cef3041
http://git.kernel.org/stable/c/0ff96ec22a84d80a18d7ae8ca7eb111c34ee33bb
http://git.kernel.org/stable/c/635594cca59f9d7a8e96187600c34facb8bc0682
http://git.kernel.org/stable/c/ec7256887d072f98c42cdbef4dcc80ddf84c7a70
http://git.kernel.org/stable/c/6f9f2e498eae7897ba5d3e33908917f68ff4abcc
http://git.kernel.org/stable/c/98bc7e26e14fbb26a6abf97603d59532475e97f8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
