#VU92024 Improper locking in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92024

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52672

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8
http://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9
http://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f
http://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24
http://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55
http://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

