#VU90803 Improper locking in Linux kernel
Vulnerability identifier: #VU90803
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48
http://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e
http://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c
http://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957
http://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83
http://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb
http://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
