#VU90884 Use of uninitialized resource in Linux kernel
Vulnerability identifier: #VU90884
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3e0af6eec1789fd11934164a7f4dbcad979855a4
http://git.kernel.org/stable/c/2a36d9e2995c8c3c3f179aab1215a69cff06cbed
http://git.kernel.org/stable/c/310f1c92f65ad905b7e81fe14de82d979ebbd825
http://git.kernel.org/stable/c/30bc4d7aebe33904b0f2d3aad4b4a9c6029ad0c5
http://git.kernel.org/stable/c/cda10784a176d7192f08ecb518f777a4e9575812
http://git.kernel.org/stable/c/9ffc5018020fe646795a8dc1203224b8f776dc09
http://git.kernel.org/stable/c/4931e80da9463b03bfe42be54a9a19f213b0f76d
http://git.kernel.org/stable/c/e9c65989920f7c28775ec4e0c11b483910fb67b8
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
