Vulnerability identifier: #VU92371
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f
http://git.kernel.org/stable/c/74bfb8d90f2601718ae203faf45a196844c01fa1
http://git.kernel.org/stable/c/bdd0aa055b8ec7e24bbc19513f3231958741d0ab
http://git.kernel.org/stable/c/83f0ba8592b9e258fd80ac6486510ab1dcd7ad6e
http://git.kernel.org/stable/c/ceab795a67dd28dd942d0d8bba648c6c0f7a044b
http://git.kernel.org/stable/c/2c95241ac5fc90c929d6c0c023e84bf0d30e84c3
http://git.kernel.org/stable/c/abb1ad69d98cf1ff25bb14fff0e7c3f66239e1cd
http://git.kernel.org/stable/c/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.