#VU90872 Use of uninitialized resource in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90872

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35973

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/43be590456e1f3566054ce78ae2dbb68cbe1a536
http://git.kernel.org/stable/c/d3adf11d7993518a39bd02b383cfe657ccc0023c
http://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915
http://git.kernel.org/stable/c/3c1ae6de74e3d2d6333d29a2d3e13e6094596c79
http://git.kernel.org/stable/c/4a1b65d1e55d53b397cb27014208be1e04172670
http://git.kernel.org/stable/c/190d9efa5773f26d6f334b1b8be282c4fa13fd5e
http://git.kernel.org/stable/c/357163fff3a6e48fe74745425a32071ec9caf852
http://git.kernel.org/stable/c/d8a6213d70accb403b82924a1c229e733433a5ef


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

