#VU90802 Improper locking in Linux kernel
Vulnerability identifier: #VU90802
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/eb55ba8aa7fb7aad54f40fbf4d8dcdfdba0bebf6
http://git.kernel.org/stable/c/6ab4fd508fad942f1f1ba940492f2735e078e980
http://git.kernel.org/stable/c/e016e358461b89b231626fcf78c5c38e35c44fd3
http://git.kernel.org/stable/c/a9c15d6e8aee074fae66c04d114f20b84274fcca
http://git.kernel.org/stable/c/7f2649c94264d00df6b6ac27161e9f4372a3450e
http://git.kernel.org/stable/c/196b87e5c00ce021e164a5de0f0d04f4116a9160
http://git.kernel.org/stable/c/76cb2aa3421fee4fde706dec41b1344bc0a9ad67
http://git.kernel.org/stable/c/b493ad718b1f0357394d2cdecbf00a44a36fa085
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
