#VU91080 Out-of-bounds read in Linux kernel


Published: 2024-06-04

Vulnerability identifier: #VU91080

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47547

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mii_get_phy() function in drivers/net/ethernet/dec/tulip/de4x5.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ec5bd0aef1cec96830d0c7e06d3597d9e786cc98
http://git.kernel.org/stable/c/142ead3dc70411bd5977e8c47a6d8bf22287b3f8
http://git.kernel.org/stable/c/d3dedaa5a601107cfedda087209772c76e364d58
http://git.kernel.org/stable/c/2c1a6a9a011d622a7c61324a97a49801ba425eff
http://git.kernel.org/stable/c/77ff166909458646e66450e42909e0adacc99049
http://git.kernel.org/stable/c/f059fa40f0fcc6bc7a12e0f2a2504e9a4ff74f1f
http://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237
http://git.kernel.org/stable/c/61217be886b5f7402843677e4be7e7e83de9cb41


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

