Vulnerability identifier: #VU92350
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80
http://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272
http://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35
http://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069
http://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e
http://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0
http://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.