#VU90933 Improper error handling in Linux kernel
Vulnerability identifier: #VU90933
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the imsttfb_probe() function in drivers/video/fbdev/imsttfb.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/382e1931e0c9cd58a5a8519cdc6cd9dc4d82b485
http://git.kernel.org/stable/c/6c66d737b2726ac7784269ddf32a31634f8f269d
http://git.kernel.org/stable/c/a4dfebec32ec6d420a5506dd56a7834c91be28e4
http://git.kernel.org/stable/c/8e4b510fe91782522b7ca0ca881b663b5d35e513
http://git.kernel.org/stable/c/7bc7b82fb2191b0d50a80ee4e27030918767dd1d
http://git.kernel.org/stable/c/18d26f9baca7d0d309303e3074a2252b8310884a
http://git.kernel.org/stable/c/b346a531159d08c564a312a9eaeea691704f3c00
http://git.kernel.org/stable/c/aba6ab57a910ad4b940c2024d15f2cdbf5b7f76b
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
