#VU92327 Out-of-bounds read in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92327

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/481fc0c8617304a67649027c4a44723a139a0462
http://git.kernel.org/stable/c/595a6b98deec01b6dbb20139f71edcd5fb760ec2
http://git.kernel.org/stable/c/00b425ff0891283207d7bad607a2412225274d7a
http://git.kernel.org/stable/c/1708e3cf2488788cba5489e4f913d227de757baf
http://git.kernel.org/stable/c/7d3e694c4fe30f3aba9cd5ae86fb947a54c3db5c
http://git.kernel.org/stable/c/204714e68015d6946279719fd464ecaf57240f35
http://git.kernel.org/stable/c/7510fab46b1cbd1680e2a096e779aec3334b4143
http://git.kernel.org/stable/c/ecb76200f5557a2886888aaa53702da1ab9e6cdf
http://git.kernel.org/stable/c/13d0cecb4626fae67c00c84d3c7851f6b62f7df3


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

