Vulnerability identifier: #VU91411
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-835
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/04720ea2e6c64459a90ca28570ea78335eccd924
http://git.kernel.org/stable/c/b3ddf6904073990492454b1dd1c10a24be8c74c6
http://git.kernel.org/stable/c/70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d
http://git.kernel.org/stable/c/87b6af1a7683e021710c08fc0551fc078346032f
http://git.kernel.org/stable/c/3fe79b2c83461edbbf86ed8a6f3924820ff89259
http://git.kernel.org/stable/c/4ca2a5fb54ea2cc43edea614207fcede562d91c2
http://git.kernel.org/stable/c/ca54e2671548616ad34885f90d4f26f7adb088f0
http://git.kernel.org/stable/c/b1f532a3b1e6d2e5559c7ace49322922637a28aa
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.