#VU91358 Information disclosure in Linux kernel
Vulnerability identifier: #VU91358
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-200
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/0053f15d50d50c9312d8ab9c11e2e405812dfcac
http://git.kernel.org/stable/c/5c2386ba80e779a92ec3bb64ccadbedd88f779b1
http://git.kernel.org/stable/c/cea234bb214b17d004dfdccce4491e6ff57c96ee
http://git.kernel.org/stable/c/3678cf67ff7136db1dd3bf63c361650db5d92889
http://git.kernel.org/stable/c/d4c34782b6d7b1e68d18d9549451b19433bd4c6c
http://git.kernel.org/stable/c/e293c773c13b830cdc251f155df2254981abc320
http://git.kernel.org/stable/c/f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7
http://git.kernel.org/stable/c/f23a4d6e07570826fe95023ca1aa96a011fa9f84
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
