#VU91236 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU91236
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07
http://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185
http://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2
http://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959
http://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed
http://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6
http://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e621bb51
http://git.kernel.org/stable/c/e97fe4901e0f59a0bfd524578fe3768f8ca42428
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
