#VU90868 Use of uninitialized resource in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90868

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52843

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource in the llc_station_ac_send_test_r() function in net/llc/llc_station.c, the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/900a4418e3f66a32db6baaf23f92b99c20ae6535
http://git.kernel.org/stable/c/9a3f9054a5227d7567cba1fb821df48ccecad10c
http://git.kernel.org/stable/c/cbdcdf42d15dac74c7287679fb2a9d955f8feb1f
http://git.kernel.org/stable/c/3a2653828ffc6101aef80bf58d5b77484239f779
http://git.kernel.org/stable/c/352887b3edd007cf9b0abc30fe9d98622acd859b
http://git.kernel.org/stable/c/f980e9a57dfb9530f1f4ee41a2420f2a256d7b29
http://git.kernel.org/stable/c/0a720d0259ad3521ec6c9e4199f9f6fc75bac77a
http://git.kernel.org/stable/c/ff5cb6a4f0c6d7fbdc84858323fb4b7af32cfd79
http://git.kernel.org/stable/c/7b3ba18703a63f6fd487183b9262b08e5632da1b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

