Vulnerability identifier: #VU91318
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5
http://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651
http://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40
http://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf
http://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7
http://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6
http://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42
http://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.