Vulnerability identifier: #VU91644
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-401
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6
http://git.kernel.org/stable/c/6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8
http://git.kernel.org/stable/c/b5d40f02e7222da032c2042aebcf2a07de9b342f
http://git.kernel.org/stable/c/f3749345a9b7295dd071d0ed589634cb46364f77
http://git.kernel.org/stable/c/af280e137e273935f2e09f4d73169998298792ed
http://git.kernel.org/stable/c/7626913652cc786c238e2dd7d8740b17d41b2637
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.