#VU90807 Improper locking in Linux kernel
Vulnerability identifier: #VU90807
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/91ca6f6a91f679c8645d7f3307e03ce86ad518c4
http://git.kernel.org/stable/c/859b47a43f5a0e5b9a92b621dc6ceaad39fb5c8b
http://git.kernel.org/stable/c/1fca00920327be96f3318224f502e4d5460f9545
http://git.kernel.org/stable/c/d43d56dbf452ccecc1ec735cd4b6840118005d7c
http://git.kernel.org/stable/c/c64da3294a7d59a4bf6874c664c13be892f15f44
http://git.kernel.org/stable/c/a33614d52e97fc8077eb0b292189ca7d964cc534
http://git.kernel.org/stable/c/6e2418576228eeb12e7ba82edb8f9500623942ff
http://git.kernel.org/stable/c/2a1bd74b8186d7938bf004f5603f25b84785f63e
http://git.kernel.org/stable/c/aafe104aa9096827a429bc1358f8260ee565b7cc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
