#VU91390 Out-of-bounds read in Linux kernel


Published: 2024-06-08

Vulnerability identifier: #VU91390

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47383

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vc_do_resize() function in drivers/tty/vt/vt.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/7e71fcedfda6f7de18f850a6b36e78d78b04476f
http://git.kernel.org/stable/c/70aed03b1d5a5df974f456cdc8eedb213c94bb8b
http://git.kernel.org/stable/c/067c694d06040db6f0c65281bb358452ca6d85b9
http://git.kernel.org/stable/c/8a6a240f52e14356386030d8958ae8b1761d2325
http://git.kernel.org/stable/c/883f7897a25e3ce14a7f274ca4c73f49ac84002a
http://git.kernel.org/stable/c/d570c48dd37dbe8fc6875d4461d01a9554ae2560
http://git.kernel.org/stable/c/699d926585daa6ec44be556cdc1ab89e5d54557b
http://git.kernel.org/stable/c/3b0c406124719b625b1aba431659f5cdc24a982c


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

