#VU90896 Double free in Linux kernel
Vulnerability identifier: #VU90896
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-415
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/4f2c95015ec2a1899161be6c0bdaecedd5a7bfb2
http://git.kernel.org/stable/c/0bf567d6d9ffe09e059bbdfb4d07143cef42c75c
http://git.kernel.org/stable/c/085195aa90a924c79e35569bcdad860d764a8e17
http://git.kernel.org/stable/c/baa6b7eb8c66486bd64608adc63fe03b30d3c0b9
http://git.kernel.org/stable/c/c0882c366418bf9c19e1ba7f270fe377a9bf5d67
http://git.kernel.org/stable/c/70fbfc47a392b98e5f8dba70c6efc6839205c982
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
