Vulnerability identifier: #VU90930
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the batadv_tt_init() function in net/batman-adv/translation-table.c, the batadv_nc_mesh_init() function in net/batman-adv/network-coding.c, the batadv_mesh_init() function in net/batman-adv/main.c, and the batadv_bla_init() function in net/batman-adv/bridge_loop_avoidance.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/0c6b199f09be489c48622537a550787fc80aea73
http://git.kernel.org/stable/c/07533f1a673ce1126d0a72ef1e4b5eaaa3dd6d20
http://git.kernel.org/stable/c/e50f957652190b5a88a8ebce7e5ab14ebd0d3f00
http://git.kernel.org/stable/c/fbf150b16a3635634b7dfb7f229d8fcd643c6c51
http://git.kernel.org/stable/c/6422e8471890273994fe8cc6d452b0dcd2c9483e
http://git.kernel.org/stable/c/b0a2cd38553c77928ef1646ed1518486b1e70ae8
http://git.kernel.org/stable/c/a8f7359259dd5923adc6129284fdad12fc5db347
http://git.kernel.org/stable/c/6f68cd634856f8ca93bafd623ba5357e0f648c68
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.