#VU90555 NULL pointer dereference in Linux kernel


Published: 2024-05-31

Vulnerability identifier: #VU90555

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27028

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/2342b05ec5342a519e00524a507f7a6ea6791a38
http://git.kernel.org/stable/c/55f8ea6731aa64871ee6aef7dba53ee9f9f3b2f6
http://git.kernel.org/stable/c/bcfcdf19698024565eff427706ebbd8df65abd11
http://git.kernel.org/stable/c/c10fed329c1c104f375a75ed97ea3abef0786d62
http://git.kernel.org/stable/c/766ec94cc57492eab97cbbf1595bd516ab0cb0e4
http://git.kernel.org/stable/c/62b1f837b15cf3ec2835724bdf8577e47d14c753
http://git.kernel.org/stable/c/bea82355df9e1c299625405b1947fc9b26b4c6d4
http://git.kernel.org/stable/c/1784053cf10a14c4ebd8a890bad5cfe1bee51713
http://git.kernel.org/stable/c/a20ad45008a7c82f1184dc6dee280096009ece55


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

