#VU90877 Use of uninitialized resource in Linux kernel
Vulnerability identifier: #VU90877
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/e3b2bfb8ff1810a537b2aa55ba906a6743ed120c
http://git.kernel.org/stable/c/889ed056eae7fda85b769a9ab33c093379c45428
http://git.kernel.org/stable/c/7fb2d4d6bb1c85f7a23aace0ed6c86a95dea792a
http://git.kernel.org/stable/c/a809bbfd0e503351d3051317288a70a4569a4949
http://git.kernel.org/stable/c/1ed222ca7396938eb1ab2d034f1ba0d8b00a7122
http://git.kernel.org/stable/c/39cc316fb3bc5e7c9dc5eed314fe510d119c6862
http://git.kernel.org/stable/c/97d2148ea435dff4b4e71817c9032eb321bcd37e
http://git.kernel.org/stable/c/09e5cdbe2cc88c3c758927644a3eb02fac317209
http://git.kernel.org/stable/c/ddbec99f58571301679addbc022256970ca3eac6
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
