#VU91476 Race condition in Linux kernel


Vulnerability identifier: #VU91476

Vulnerability risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26910

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the list_set_destroy() and list_set_same_set() functions in net/netfilter/ipset/ip_set_list_set.c, and within the ip_set_destroy_set(), ip_set_destroy(), ip_set_swap() and ip_set_fini() functions in net/netfilter/ipset/ip_set_core.c. A local user can exploit the race to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225
http://git.kernel.org/stable/c/a24d5f2ac8ef702a58e55ec276aad29b4bd97e05
http://git.kernel.org/stable/c/c2dc077d8f722a1c73a24e674f925602ee5ece49
http://git.kernel.org/stable/c/653bc5e6d9995d7d5f497c665b321875a626161c
http://git.kernel.org/stable/c/b93a6756a01f4fd2f329a39216f9824c56a66397
http://git.kernel.org/stable/c/970709a67696b100a57b33af1a3d75fc34b747eb
http://git.kernel.org/stable/c/97f7cf1cd80eeed3b7c808b7c12463295c751001


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

