#VU90620 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU90620
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6
http://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b
http://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7
http://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f
http://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251
http://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50
http://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6
http://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
