Vulnerability identifier: #VU91521
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/a50dbeca28acf7051dfa92786b85f704c75db6eb
http://git.kernel.org/stable/c/62e27ef18eb4f0d33bbae8e9ef56b99696a74713
http://git.kernel.org/stable/c/40f4ced305c6c47487d3cd8da54676e2acc1a6ad
http://git.kernel.org/stable/c/52854101180beccdb9dc2077a3bea31b6ad48dfa
http://git.kernel.org/stable/c/f8bbc07ac535593139c875ffa19af924b1084540
http://git.kernel.org/stable/c/68459b8e3ee554ce71878af9eb69659b9462c588
http://git.kernel.org/stable/c/4b0dcae5c4797bf31c63011ed62917210d3fdac3
http://git.kernel.org/stable/c/14cdb43dbc827e18ac7d5b30c5b4c676219f1421
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.