#VU92005 Buffer overflow in Linux kernel
Vulnerability identifier: #VU92005
Vulnerability risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-119
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/be8869d388593e57223ad39297c8e54be632f2f2
http://git.kernel.org/stable/c/502e1146873d870f87da3b8f93d6bf2de5f38d0c
http://git.kernel.org/stable/c/8af815ab052eaf74addbbfb556d63ce2137c0e1b
http://git.kernel.org/stable/c/f96c0959c1ee92adc911c10d6ec209af50105049
http://git.kernel.org/stable/c/f12c8a7515f641885677960af450082569a87243
http://git.kernel.org/stable/c/02b2b691b77cd7b951fa7b6c9d44d4e472cdc823
http://git.kernel.org/stable/c/00a860678098fcd9fa8db2b5fb9d2ddf4776d4cc
http://git.kernel.org/stable/c/9d2479c960875ca1239bcb899f386970c13d9cfe
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
