#VU92976 Buffer overflow in Linux kernel


Published: 2024-06-20

Vulnerability identifier: #VU92976

Vulnerability risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48760

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c and within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation
Install the update from the vendor's website.

Vulnerable software versions

Linux kernel:


External links
http://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427
http://git.kernel.org/stable/c/b50f5ca60475710bbc9a3af32fbfc17b1e69c2f0
http://git.kernel.org/stable/c/546ba238535d925254e0b3f12012a5c55801e2f3
http://git.kernel.org/stable/c/5904dfd3ddaff3bf4a41c3baf0a8e8f31ed4599b
http://git.kernel.org/stable/c/9c61fce322ac2ef7fecf025285353570d60e41d6
http://git.kernel.org/stable/c/e3b131e30e612ff0e32de6c1cb4f69f89db29193
http://git.kernel.org/stable/c/9340226388c66a7e090ebb00e91ed64a753b6c26
http://git.kernel.org/stable/c/c9a18f7c5b071dce5e6939568829d40994866ab0
http://git.kernel.org/stable/c/26fbe9772b8c459687930511444ce443011f86bf


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can only be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

