Vulnerability identifier: #VU91394
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5533686e99b04994d7c4877dc0e4282adc9444a2
http://git.kernel.org/stable/c/b2dfb216f32627c2f6a8041f2d9d56d102ab87c0
http://git.kernel.org/stable/c/a09aecb6cb482de88301c43bf00a6c8726c4d34f
http://git.kernel.org/stable/c/3aedcf3755c74dafc187eb76acb04e3e6348b1a9
http://git.kernel.org/stable/c/185de0b7cdeaad8b89ebd4c8a258ff2f21adba99
http://git.kernel.org/stable/c/9b4c4546dd61950e80ffdca1bf6925f42b665b03
http://git.kernel.org/stable/c/7e5432401536117c316d7f3b21d46b64c1514f38
http://git.kernel.org/stable/c/5638330150db2cc30b53eed04e481062faa3ece8
http://git.kernel.org/stable/c/a903cfd38d8dee7e754fb89fd1bebed99e28003d
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.