Vulnerability identifier: #VU91429
Vulnerability risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-366
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation
Description
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c and within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856
http://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a
http://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
http://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1
http://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf
http://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b
http://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc2d60ad4
http://git.kernel.org/stable/c/d380ce70058a4ccddc3e5f5c2063165dc07672c6
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.