Vulnerability identifier: #VU92043
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software: Linux kernel
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5
http://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4
http://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b
http://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9
http://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3
http://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44
http://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.