#VU92322 Out-of-bounds read in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92322

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read in the write_tag_66_packet() function in fs/ecryptfs/keystore.c, the routine that builds the eCryptfs "tag 66" key packet sent to the ecryptfsd user-space daemon. The upstream fix, "ecryptfs: Fix buffer size for tag 66 packet", corrects the buffer size used for that packet. A local user able to drive this eCryptfs code path can trigger the out-of-bounds read and crash the kernel (denial of service). Exposure is limited to systems where eCryptfs is in use with keys that are handled through the user-space daemon; confidentiality and integrity are not affected (CVSS C:N/I:N).
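As an added illustration of the bug class (this is example code, not the kernel's or the eCryptfs project's own): a hypothetical tag-length-body packet writer and parser in C, using the OpenPGP-style variable-width length field that eCryptfs borrows for its packets. The buffer is sized from the widest possible length encoding, every copy is checked against the remaining capacity, and the parser validates the declared length against the bytes actually present before reading. EXAMPLE_TAG, packet_capacity(), write_tagged_packet() and parse_tagged_packet() are invented names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define EXAMPLE_TAG 0x42  /* hypothetical packet type byte, not an eCryptfs value */

/* OpenPGP new-format length (RFC 4880 4.2.2): one byte below 192, two bytes
 * below 8384; longer bodies are rejected to keep the example short. */
static int write_packet_length(uint8_t *dst, size_t room, size_t len,
                               size_t *written)
{
    if (len < 192) {
        if (room < 1)
            return -1;
        dst[0] = (uint8_t)len;
        *written = 1;
    } else if (len < 8384) {
        if (room < 2)
            return -1;
        len -= 192;
        dst[0] = (uint8_t)((len >> 8) + 192);
        dst[1] = (uint8_t)(len & 0xff);
        *written = 2;
    } else {
        return -1;
    }
    return 0;
}

/* Inverse of the above; never reads a byte at or past src + avail. */
static int read_packet_length(const uint8_t *src, size_t avail, size_t *len,
                              size_t *consumed)
{
    if (avail < 1)
        return -1;
    if (src[0] < 192) {
        *len = src[0];
        *consumed = 1;
    } else if (src[0] < 224) {
        if (avail < 2)
            return -1;
        *len = ((size_t)(src[0] - 192) << 8) + src[1] + 192;
        *consumed = 2;
    } else {
        return -1;
    }
    return 0;
}

/* Worst case for tag(1) + length field(<= 2) + body.  Budgeting the widest
 * length encoding, not an assumed one, is the point: a buffer sized for a
 * single length byte is one byte short as soon as the body reaches 192. */
size_t packet_capacity(size_t body_len)
{
    return 1 + 2 + body_len;
}

/* Serialise tag + length + body into a fresh buffer; each copy is checked
 * against the remaining capacity instead of trusting the size arithmetic. */
int write_tagged_packet(uint8_t tag, const uint8_t *body, size_t body_len,
                        uint8_t **out, size_t *out_len)
{
    size_t cap = packet_capacity(body_len), i = 0, n;
    uint8_t *buf = malloc(cap);
    if (!buf)
        return -1;
    buf[i++] = tag;
    if (write_packet_length(buf + i, cap - i, body_len, &n) ||
        cap - (i + n) < body_len) {
        free(buf);
        return -1;
    }
    i += n;
    if (body_len)
        memcpy(buf + i, body, body_len);
    *out = buf;
    *out_len = i + body_len;
    return 0;
}

/* Parse a packet.  The declared body length is validated against the bytes
 * actually present before anything is read; omitting that check is what
 * turns a short or crafted packet into an out-of-bounds read. */
int parse_tagged_packet(const uint8_t *pkt, size_t pkt_len, uint8_t *tag,
                        const uint8_t **body, size_t *body_len)
{
    size_t len, consumed;
    if (pkt_len < 1 ||
        read_packet_length(pkt + 1, pkt_len - 1, &len, &consumed))
        return -1;
    if (len > pkt_len - 1 - consumed)
        return -1;  /* declared length runs past the end of the buffer */
    *tag = pkt[0];
    *body = pkt + 1 + consumed;
    *body_len = len;
    return 0;
}
```

A 5-byte body serialises to 7 bytes (one length byte), a 300-byte body to 303 (two length bytes, 0xC0 0x6C); parsing either packet with its last byte removed is refused rather than read past the end.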

Mitigation
Install the fixed kernel from your distribution, or apply the upstream stable commits listed under External links. Until then, exposure can be reduced by not mounting eCryptfs with daemon-handled keys on systems with untrusted local users.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1
http://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df
http://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1
http://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93
http://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c
http://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910
http://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894c91030e
http://git.kernel.org/stable/c/f6008487f1eeb8693f8d2a36a89c87d9122ddf74
http://git.kernel.org/stable/c/85a6a1aff08ec9f5b929d345d066e2830e8818e5


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally: the attacker must already have valid credentials and be authenticated on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
