#VU90885 Double Free in Linux kernel


Published: 2024-06-03

Vulnerability identifier: #VU90885

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d
http://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd
http://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068
http://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca
http://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e
http://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c
http://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba
http://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

