#VU91081 Out-of-bounds read in Linux kernel


Published: 2024-06-04

Vulnerability identifier: #VU91081

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47478

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the isofs_read_inode() function in fs/isofs/inode.c. A local user can use it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/156ce5bb6cc43a80a743810199defb1dc3f55b7f
http://git.kernel.org/stable/c/9ec33a9b8790c212cc926a88c5e2105f97f3f57e
http://git.kernel.org/stable/c/afbd40f425227e661d991757e11cc4db024e761f
http://git.kernel.org/stable/c/b0ddff8d68f2e43857a84dce54c3deab181c8ae1
http://git.kernel.org/stable/c/6e80e9314f8bb52d9eabe1907698718ff01120f5
http://git.kernel.org/stable/c/86d4aedcbc69c0f84551fb70f953c24e396de2d7
http://git.kernel.org/stable/c/b2fa1f52d22c5455217b294629346ad23a744945
http://git.kernel.org/stable/c/e7fb722586a2936b37bdff096c095c30ca06404d
http://git.kernel.org/stable/c/e96a1866b40570b5950cda8602c2819189c62a48


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

