#VU91223 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU91223
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the construct_integrated_info() function in drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a
http://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c
http://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b
http://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0
http://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
