#VU92172 Security features bypass in Linux kernel


Published: 2024-06-17

Vulnerability identifier: #VU92172

Vulnerability risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A local privileged user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18
http://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1
http://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99
http://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2
http://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3
http://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f
http://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7
http://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a565cf55


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

