#VU90862 Use of uninitialized resource in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90862

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36933

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9
http://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c
http://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216
http://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a
http://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2
http://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340
http://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a
http://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
