Vulnerability identifier: #VU92025
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can use this flaw to perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel: All versions
External links
http://git.kernel.org/stable/c/4aa554832b9dc9e66249df75b8f447d87853e12e
http://git.kernel.org/stable/c/778c6ad40256f1c03244fc06d7cdf71f6b5e7310
http://git.kernel.org/stable/c/8f599ab6fabbca4c741107eade70722a98adfd9f
http://git.kernel.org/stable/c/f19b1023a3758f40791ec166038d6411c8894ae3
http://git.kernel.org/stable/c/142d87c958d9454c3cffa625fab56f3016e8f9f3
http://git.kernel.org/stable/c/fc99f4e2d2f1ce766c14e98463c2839194ae964f
http://git.kernel.org/stable/c/4b7c4fc60d6a46350fbe54f5dc937aeaa02e675e
http://git.kernel.org/stable/c/17772bbe9cfa972ea1ff827319f6e1340de76566
http://git.kernel.org/stable/c/723012cab779eee8228376754e22c6594229bf8f
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker needs authentication credentials and has to successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.