#VU91550 Improper Initialization in Linux kernel
Vulnerability identifier: #VU91550
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-665
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/958cb1078ca60d214826fd90a0961a447fade59a
http://git.kernel.org/stable/c/4c1fcb6ec964b44edbf84235134582a5ffae1521
http://git.kernel.org/stable/c/a0a37e4454ca1c0b424edc2c9c2487c2c46a1be6
http://git.kernel.org/stable/c/bf78e25bd3f487208e042c67c8a31706c2dba265
http://git.kernel.org/stable/c/9d7d4649dc1c53acf76df260fd519db698ed20d7
http://git.kernel.org/stable/c/143fc7220961220eecc04669e5909af8847bf8c8
http://git.kernel.org/stable/c/6249193e03709ea625e10706ecaf17fea0427d3d
http://git.kernel.org/stable/c/9f6f852550d0e1b7735651228116ae9d300f69b3
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
