Vulnerability identifier: #VU91427
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-366
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007
http://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77
http://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331
http://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8
http://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b
http://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df
http://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859
http://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.