#VU92365 Improper locking in Linux kernel


Vulnerability identifier: #VU92365

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38589

CWE-ID: CWE-667

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nr_add_node() and nr_del_node() functions in net/netrom/nr_route.c. A local user can exploit this to perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/b9d663fbf74290cb68fbc66ae4367bd56837ad1d
http://git.kernel.org/stable/c/1fbfb483c1a290dce3f41f52d45cc46dd88b7691
http://git.kernel.org/stable/c/b117e5b4f27c2c9076561b6be450a9619f0b79de
http://git.kernel.org/stable/c/421c50fa81836775bf0fd6ce0e57a6eb27af24d5
http://git.kernel.org/stable/c/3db2fc45d1d2a6457f06ebdfd45b9820e5b5c2b7
http://git.kernel.org/stable/c/f28bdc2ee5d9300cc77bd3d97b5b3cdd14960fd8
http://git.kernel.org/stable/c/5fb7e2a4335fc67d6952ad2a6613c46e0b05f7c5
http://git.kernel.org/stable/c/5bc50a705cfac8f64ce51c95611c3dd0554ef9c3
http://git.kernel.org/stable/c/e03e7f20ebf7e1611d40d1fdc1bde900fd3335f6


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

