Vulnerability identifier: #VU92961
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the qeth_free_cq(), qeth_alloc_qdio_queues(), atomic_set(), qeth_free_qdio_queues() and qeth_qdio_poll() functions in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524
http://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6
http://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3
http://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282
http://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.