Vulnerability identifier: #VU91412
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-835
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an infinite loop in the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/21bfca822cfc1e71796124e93b46e0d9fa584401
http://git.kernel.org/stable/c/c448a9fd50f77e8fb9156ff64848aa4295eb3003
http://git.kernel.org/stable/c/5095b93021b899f54c9355bebf36d78854c33a22
http://git.kernel.org/stable/c/b65fb50e04a95eec34a9d1bc138454a98a5578d8
http://git.kernel.org/stable/c/0561b65fbd53d3e788c5b0222d9112ca016fd6a1
http://git.kernel.org/stable/c/29e94f295bad5be59cf4271a93e22cdcf5536722
http://git.kernel.org/stable/c/418c5575d56410c6e186ab727bf32ae32447d497
http://git.kernel.org/stable/c/9c0f59e47a90c54d0153f8ddc0f80d7a36207d0e
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.