#VU90796 Improper locking in Linux kernel
Vulnerability identifier: #VU90796
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the j1939_jsk_add(), j1939_sk_recv_match(), j1939_sk_recv(), j1939_sk_errqueue() and j1939_sk_netdev_event_netdown() functions in net/can/j1939/socket.c, within the j1939_netdev_start() function in net/can/j1939/main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/03358aba991668d3bb2c65b3c82aa32c36851170
http://git.kernel.org/stable/c/aedda066d717a0b4335d7e0a00b2e3a61e40afcf
http://git.kernel.org/stable/c/26dfe112ec2e95fe0099681f6aec33da13c2dd8e
http://git.kernel.org/stable/c/559b6322f9480bff68cfa98d108991e945a4f284
http://git.kernel.org/stable/c/6cdedc18ba7b9dacc36466e27e3267d201948c8d
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
