#VU90793 Improper locking in Linux kernel
Vulnerability identifier: #VU90793
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt5645_jack_detect_work() function in sound/soc/codecs/rt5645.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2
http://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d
http://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e
http://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b
http://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec
http://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c
http://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491
http://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
