Vulnerability identifier: #VU91477
Vulnerability risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-362
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/475426ad1ae0bfdfd8f160ed9750903799392438
http://git.kernel.org/stable/c/339ddc983bc1622341d95f244c361cda3da3a4ff
http://git.kernel.org/stable/c/f83b9abee9faa4868a6fac4669b86f4c215dae25
http://git.kernel.org/stable/c/3cd1d92ee1dbf3e8f988767eb75f26207397792b
http://git.kernel.org/stable/c/c41336f4d69057cbf88fed47951379b384540df5
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.