Vulnerability identifier: #VU92901
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-125
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/17e16a66b4f9a310713d8599e6e1ca4a0c9fd28c
http://git.kernel.org/stable/c/54abca038e287d3746dd40016514670a7f654c5c
http://git.kernel.org/stable/c/7659f25a80e6affb784b690df8994b79b4212fd4
http://git.kernel.org/stable/c/fd9a23319f16e7031f0d8c98eed6e093c2927229
http://git.kernel.org/stable/c/6877f87579ed830f9ff6d478539074f035d04bfb
http://git.kernel.org/stable/c/b0a7836ecf1345814a7d8ef748fb797c520dad18
http://git.kernel.org/stable/c/e09cf398e8c6db69c620b6d8073abc4377a07af5
http://git.kernel.org/stable/c/4cf28e9ae6e2e11a044be1bcbcfa1b0d8675fe4d
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.