#VU91096 Out-of-bounds read in Linux kernel


Published: 2024-06-04

Vulnerability identifier: #VU91096

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26851

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the decode_seq() function in net/netfilter/nf_conntrack_h323_asn1.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb
http://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a
http://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc
http://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13
http://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591
http://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c
http://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416
http://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
