#VU92356 Improper locking in Linux kernel


Vulnerability identifier: #VU92356

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47606

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the netlink_sendmsg() function in net/netlink/af_netlink.c. A local user can exploit this flaw to cause a denial of service (DoS) condition.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel: All versions


External links
http://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010
http://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6
http://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced
http://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41
http://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51
http://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5
http://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35
http://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a42798797d0


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

