#VU92041 Improper locking in Linux kernel


Published: 2024-06-13

Vulnerability identifier: #VU92041

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26772

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can exploit it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43
http://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d
http://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7
http://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff
http://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586
http://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916
http://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a
http://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

