Vulnerability identifier: #VU91675
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-908
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Category: Operating systems & Components / Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the use of an uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d
http://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a
http://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c
http://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31
http://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba
http://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0
http://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6
http://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8
Can this vulnerability be exploited remotely?
No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.