Vulnerability identifier: #VU91355
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/43f00210cb257bcb0387e8caeb4b46375d67f30c
http://git.kernel.org/stable/c/5d43e072285e81b0b63cee7189b3357c7768a43b
http://git.kernel.org/stable/c/ac107356aabc362aaeb77463e814fc067a5d3957
http://git.kernel.org/stable/c/a4c99b57d43bab45225ba92d574a8683f9edc8e4
http://git.kernel.org/stable/c/a90bca2228c0646fc29a72689d308e5fe03e6d78
http://git.kernel.org/stable/c/f28bba37fe244889b81bb5c508d3f6e5c6e342c5
http://git.kernel.org/stable/c/57baab0f376bec8f54b0fe6beb8f77a57c228063
http://git.kernel.org/stable/c/84bd4c2ae9c3d0a7d3a5c032ea7efff17af17e17
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.