#VU91505 Improper locking in Linux kernel
Vulnerability identifier: #VU91505
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the list_for_each_entry_safe(), stress_one_work() and stress() functions in kernel/locking/test-ww_mutex.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/d4d37c9e6a4dbcca958dabd99216550525c7e389
http://git.kernel.org/stable/c/d8267cabbe1bed15ccf8b0e684c528bf8eeef715
http://git.kernel.org/stable/c/dcd85e3c929368076a7592b27f541e0da8b427f5
http://git.kernel.org/stable/c/9ed2d68b3925145f5f51c46559484881d6082f75
http://git.kernel.org/stable/c/e89d0ed45a419c485bae999426ecf92697cbdda3
http://git.kernel.org/stable/c/c56df79d68677cf062da1b6e3b33e74299a92dfc
http://git.kernel.org/stable/c/e36407713163363e65566e7af0abe207d5f59a0c
http://git.kernel.org/stable/c/304a2c4aad0fff887ce493e4197bf9cbaf394479
http://git.kernel.org/stable/c/bccdd808902f8c677317cec47c306e42b93b849e
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
