#VU90879 Use of uninitialized resource in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90879

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26805

CWE-ID: CWE-908

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65
http://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777
http://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77
http://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285
http://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44
http://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736
http://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d
http://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have valid credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
