Vulnerability identifier: #VU92325
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/3669baf308308385a2ab391324abdde5682af5aa
http://git.kernel.org/stable/c/be1fa711e59c874d049f592aef1d4685bdd22bdf
http://git.kernel.org/stable/c/b5120d322763c15c978bc47beb3b6dff45624304
http://git.kernel.org/stable/c/aa2d3d678895c8eedd003f1473f87d3f06fe6ec7
http://git.kernel.org/stable/c/81bdd60a3d1d3b05e6cc6674845afb1694dd3a0e
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.