#VU92929 Infinite loop in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92929

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47617

CWE-ID: CWE-835

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop in the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/ff27f7d0333cff89ec85c419f431aca1b38fb16a
http://git.kernel.org/stable/c/464da38ba827f670deac6500a1de9a4f0f44c41d
http://git.kernel.org/stable/c/3b4c966fb156ff3e70b2526d964952ff7c1574d9
http://git.kernel.org/stable/c/1db58c6584a72102e98af2e600ea184ddaf2b8af
http://git.kernel.org/stable/c/6d6f1f0dac3e3441ecdb1103d4efb11b9ed24dd5
http://git.kernel.org/stable/c/23584c1ed3e15a6f4bfab8dc5a88d94ab929ee12


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker needs to have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

