#VU91353 Information disclosure in Linux kernel
Vulnerability identifier: #VU91353
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a62b9f3d7bbfac874cc0c638bc1776dcf1f8ec06
http://git.kernel.org/stable/c/6632a54ac8057cc0b0d789c6f73883e871bcd25c
http://git.kernel.org/stable/c/a039690d323221eb5865f1f31db3ec264e7a14b6
http://git.kernel.org/stable/c/e8025439ef8e16029dc313d78a351ef192469b7b
http://git.kernel.org/stable/c/913421f9f7fd8324dcc41753d0f28b52e177ef04
http://git.kernel.org/stable/c/aebfdfe39b9327a3077d0df8db3beb3160c9bdd0
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
