#VU91222 NULL pointer dereference in Linux kernel


Published: 2024-06-05

Vulnerability identifier: #VU91222

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36902

CWE-ID: CWE-476

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa
http://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff
http://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290
http://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95
http://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0
http://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747
http://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09
http://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

