Vulnerability identifier: #VU91234
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d275de8ea7be3a453629fddae41d4156762e814c
http://git.kernel.org/stable/c/bcd46782e2ec3825d10c1552fcb674d491cc09f9
http://git.kernel.org/stable/c/cfb786b03b03c5ff38882bee38525eb9987e4d14
http://git.kernel.org/stable/c/d49fac38479bfdaec52b3ea274d290c47a294029
http://git.kernel.org/stable/c/cbaac2e5488ed54833897264a5ffb2a341a9f196
http://git.kernel.org/stable/c/92309bed3c5fbe2ccd4c45056efd42edbd06162d
http://git.kernel.org/stable/c/6794090c742008c53b344b35b021d4a3093dc50a
http://git.kernel.org/stable/c/62fc3357e079a07a22465b9b6ef71bb6ea75ee4b
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.