Vulnerability identifier: #VU92054
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-388
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f
http://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba
http://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021
http://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65
http://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c
http://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3
http://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.