#VU92969 Resource management error in Linux kernel
Vulnerability identifier: #VU92969
Vulnerability risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
Linux kernel
Operating systems & Components /
Operating system
Vendor: Linux Foundation
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Linux kernel:
External links
http://git.kernel.org/stable/c/b0b268eeb087e324ef3ea71f8e6cabd07630517f
http://git.kernel.org/stable/c/ac882d6b21bffecb57bcc4486701239eef5aa67b
http://git.kernel.org/stable/c/59f33af9796160f851641d960bd93937f282c696
http://git.kernel.org/stable/c/6ec3514a7d35ad9cfab600187612c29f669069d2
http://git.kernel.org/stable/c/d1718530e3f640b7d5f0050e725216eab57a85d8
http://git.kernel.org/stable/c/3a63ae0348d990e137cca04eced5b08379969ea9
http://git.kernel.org/stable/c/a3b8ae7e9297dd453f2977b011c5bc75eb20e71b
http://git.kernel.org/stable/c/f15370e315976198f338b41611f37ce82af6cf54
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
