#VU92064 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU92064
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_hdac_stream_assign() function in sound/hda/hdac_stream.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b
http://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323
http://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250
http://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7
http://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e
http://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4
http://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0
http://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd
http://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
