#VU92067 NULL pointer dereference in Linux kernel
Vulnerability identifier: #VU92067
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/4b7f4a0eb92bf37bea4cd838c7f83ea42823ca8b
http://git.kernel.org/stable/c/a7182993dd8e09f96839ddc3ac54f9b37370d282
http://git.kernel.org/stable/c/8b9c1c33e51d0959f2aec573dfbac0ffd3f5c0b7
http://git.kernel.org/stable/c/2754fa3b73df7d0ae042f3ed6cfd9df9042f6262
http://git.kernel.org/stable/c/337f00a0bc62d7cb7d10ec0b872c79009a1641df
http://git.kernel.org/stable/c/856e6e8e0f9300befa87dde09edb578555c99a82
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
