#VU91349 Information disclosure in Linux kernel
Vulnerability identifier: #VU91349
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the inet6_rtm_getaddr() function in net/ipv6/addrconf.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/9d4ffb5b9d879a75e4f7460e8b10e756b4dfb132
http://git.kernel.org/stable/c/810fa7d5e5202fcfb22720304b755f1bdfd4c174
http://git.kernel.org/stable/c/8a54834c03c30e549c33d5da0975f3e1454ec906
http://git.kernel.org/stable/c/1b0998fdd85776775d975d0024bca227597e836a
http://git.kernel.org/stable/c/44112bc5c74e64f28f5a9127dc34066c7a09bd0f
http://git.kernel.org/stable/c/33a1b6bfef6def2068c8703403759024ce17053e
http://git.kernel.org/stable/c/10bfd453da64a057bcfd1a49fb6b271c48653cdb
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
