#VU92364 Improper locking in Linux kernel
Vulnerability identifier: #VU92364
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-667
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d
http://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0
http://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868
http://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9
http://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c
http://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
