#VU92321 Out-of-bounds read in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92321

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38587

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can trigger it to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/42f0a3f67158ed6b2908d2b9ffbf7e96d23fd358
http://git.kernel.org/stable/c/cd7f3978c2ec741aedd1d860b2adb227314cf996
http://git.kernel.org/stable/c/07ef95cc7a579731198c93beed281e3a79a0e586
http://git.kernel.org/stable/c/504178fb7d9f6cdb0496d5491efb05f45597e535
http://git.kernel.org/stable/c/3726f75a1ccc16cd335c0ccfad1d92ee08ecba5e
http://git.kernel.org/stable/c/c6e1650cf5df1bd6638eeee231a683ef30c7d4eb
http://git.kernel.org/stable/c/eb1ea64328d4cc7d7a912c563f8523d5259716ef
http://git.kernel.org/stable/c/d52c04474feac8e305814a5228e622afe481b2ef
http://git.kernel.org/stable/c/008ab3c53bc4f0b2f20013c8f6c204a3203d0b8b


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

