#VU91393 Out-of-bounds read in Linux kernel
Vulnerability identifier: #VU91393
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/99740c4791dc8019b0d758c5389ca6d1c0604d95
http://git.kernel.org/stable/c/86bf75d9158f511db7530bc82a84b19a5134d089
http://git.kernel.org/stable/c/3ff4a0f6a8f0ad4b4ee9e908bdfc3cacb7be4060
http://git.kernel.org/stable/c/8f562f3b25177c2055b20fd8cf000496f6fa9194
http://git.kernel.org/stable/c/537040c257ab4cd0673fbae048f3940c8ea2e589
http://git.kernel.org/stable/c/7e9926fef71e514b4a8ea9d11d5a84d52b181362
http://git.kernel.org/stable/c/ae99e199037c580b7350bfa3596f447a53bcf01f
http://git.kernel.org/stable/c/ca2cf98d46748373e830a13d85d215d64a2d9bf2
http://git.kernel.org/stable/c/e2c02a85bf53ae86d79b5fccf0a75ac0b78e0c96
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
